> On Mar 31, 2021, at 2:42 PM, Blumenthal, Uri - 0553 - MITLL <uri@xxxxxxxxxx> wrote:
>
> You are right - there’s no urgency in PQ signatures.
>
> However, PQ KEM keys aren’t small. And, as I said, for austere links every unnecessary byte of crap hurts.
>
> Also, sending root certs seems (marginally) useful only when the recipient is a Web browser. And even then I assume most of the IT people would want to block the ability of a “mere” user to add an “unblessed” trusted root.

I am not trying to suggest that including the root CA in the server's chain is a best practice. I am sticking with mostly harmless.

And even with DANE, my recommendation is to use an intermediate CA with the DANE-TA(2) records, and not rely on the root CA being part of the transmitted chain.

--
Viktor.
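
An added illustration of the DANE-TA(2) point above, not part of the original message or of any project's code: a digest-only TLSA record can be matched only against certificates the server actually transmits, so a record pinning the root finds nothing when the root is omitted from the chain. The function names are hypothetical, the byte strings are constructed stand-ins for DER certificates, only selector Cert(0) is handled, and no signature or path validation is performed.

```python
import hashlib

# TLSA matching types (RFC 6698): 0 = Full, 1 = SHA2-256, 2 = SHA2-512
_DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}

def make_record(cert_der: bytes, mtype: int = 1):
    """Build a (usage, selector, mtype, data) tuple: DANE-TA(2), Cert(0)."""
    data = cert_der if mtype == 0 else _DIGESTS[mtype](cert_der).digest()
    return (2, 0, mtype, data)

def tlsa_rdata(record) -> str:
    """Presentation form of the RDATA, e.g. '2 0 1 <hex>'."""
    usage, selector, mtype, data = record
    return f"{usage} {selector} {mtype} {data.hex()}"

def dane_ta_anchor_index(chain, tlsa_rrset):
    """Index of the first transmitted certificate matched by a DANE-TA(2)
    Cert(0) record, or None if no transmitted certificate matches.

    chain is the list of DER certificates as sent by the server, leaf first.
    A verifier holding only a digest cannot recover a certificate that was
    not sent, so it has nothing else to compare the record against.
    """
    for i, cert in enumerate(chain):
        for usage, selector, mtype, data in tlsa_rrset:
            if usage != 2 or selector != 0:
                continue  # other usages/selectors are out of scope here
            if make_record(cert, mtype)[3] == data:
                return i
    return None

# Constructed placeholders, NOT real certificates.
LEAF = b"constructed-leaf-der"
INTERMEDIATE = b"constructed-intermediate-der"
ROOT = b"constructed-root-der"

if __name__ == "__main__":
    sent = [LEAF, INTERMEDIATE]  # root not transmitted
    for name, pinned in (("intermediate", INTERMEDIATE), ("root", ROOT)):
        rec = make_record(pinned)
        print(f"pin {name}: TLSA {tlsa_rdata(rec)[:22]}... ->",
              dane_ta_anchor_index(sent, [rec]))
```
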