Appears in collection : 2024 - T3 - WS1 - Deployment of post-quantum cryptography
It is well accepted that with PQ KEMs, in particular ML-KEM, we need to move with urgency, and that we should deploy ML-KEM in hybrid with RSA or ECC to protect against potential algorithmic attacks. Is the same true of PQ signatures, in particular ML-DSA? We will explore the arguments why or why not. We will then explore several IETF Internet-Drafts for PQ hybrids and other PQ migration mechanisms for PKI on which the presenter is a primary author: Composite ML-DSA, Composite ML-KEM, Alt Public Keys, Chameleon certificates, external public keys, RelatedCertificateDescriptor, and of course simple multiple-certificate approaches.