It is well-accepted that with PQ KEMs, in particular ML-KEM, we need to move with urgency, and that we should deploy ML-KEM in hybrid with RSA or ECC to protect against potential algorithmic attacks. Is the same true of PQ signatures, in particular ML-DSA? We will explore the arguments why or why not. We will then explore several IETF Internet-Drafts for PQ hybrids and other PQ migration mechanisms for PKI on which the presenter is a primary author: CompositeML-DSA, CompositeML-KEM, Alt Public Keys, Chameleon certificates, external public keys, RelatedCertificateDestriptor, and of course simple multiple certificate approaches.
By Akira Takahashi
By Bill Newhouse
By Mike Ounsworth
By Hubert Le Van Gong
By Reza Azarderakhsh
By Gilles Seghaier
By Thomas Prest
By Markku-Juhani O. Saarinen
By Kris Gaj
By Mehrnoosh Sadrzadeh
By Tomoyuki Morimae
By Pouria Fallahpour
By Javad Shabani
