BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.pass-the-salt.org//pts2026//speaker//MELKGU
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-pts2026-DVVX3Z@cfp.pass-the-salt.org
DTSTART;TZID=CET:20260701T111000
DTEND;TZID=CET:20260701T114500
DESCRIPTION:The Web PKI is the foundation on which many security systems de
 pend\, and for many the gold standard of how to do PKI. On closer inspecti
 on\, the Web PKI is an old system evolved with patches added from one cris
 is to the next. In this talk\, we discuss recent efforts to modernize the 
 Web PKI to maintain reliability and security in the face of the imminent t
 hreat from quantum computers.\n\nThe transition to post-quantum cryptograp
 hic algorithms is hampered by the massive increase in size of PQC signatur
 es relative to traditional cryptographic signatures. A straightforward “
 copy/paste” approach in which PQC algorithms were naively added into the
  existing WebPKI would add massive increases in the size of the TLS handsh
 ake\, adding significant (around 50% P50) handshake latency to every
  HTTPS connection made.\n\nThe impact of PQC on the web PKI wouldn’t sto
 p at handshake sizes. The public web PKI also relies on transparency into 
 certificate issuance (“Certificate Transparency”\, CT) to help detect 
 and mitigate unauthorized certificate issuance.  For the past decade\, CT 
 has served its purpose of holding Certification Authorities (CAs) accounta
 ble\, recently notably detecting Fina CA’s mis-issuance of certificates 
 for 1.1.1.1\, Cloudflare’s Encrypted DNS service late last year. Unfortu
 nately\, a naive adoption of the most mature PQC algorithms into the curre
 nt public CT ecosystem would likely result in the ecosystem’s collapse d
 ue to the increased operational costs for logs\, burdening an already-frag
 ile group of volunteer log operators.\n\nCloudflare and Google Chrome have
  spearheaded an effort\, Merkle Tree Certificates (MTCs)\, that offers a ne
 w approach to HTTPS certificates that combines issuance and transparency in
 to a single cryptographic object. Under active development in the Internet
  Engineering Task Force (IETF)’s PKI\, Logs\, and Tree Signatures (PLANT
 S) working group\, MTCs reduce the overhead of post-quantum TLS certificat
 es by 4-22Kb\, eliminating the impact on client latency. Simultaneously\, 
 the design mitigates the impact on the Certificate Transparency ecosystem\
 , likely resulting in reduced costs compared to today’s status quo.\n\nI
 n this talk\, we’ll walk through the MTC proposal\, interesting open dis
 cussions happening in the working group and discuss the results of early e
 xperimentation between Chrome and Cloudflare.
DTSTAMP:20260514T103229Z
LOCATION:Amphitheater 122
SUMMARY:Let's stay encrypted—rethinking WebPKI for post-quantum age with 
 Merkle Tree Certificates - Bas Westerbaan
URL:https://cfp.pass-the-salt.org/pts2026/talk/DVVX3Z/
END:VEVENT
END:VCALENDAR
