Summary
Highlights
Post-quantum resistant certificates pose a challenge due to their large size. A typical TLS handshake involves a 1 kilobyte CA root certificate, but with post-quantum algorithms, this would increase to 14 kilobytes. This size is unacceptable for the billions of daily internet transactions, as it would severely impact internet infrastructure and CDNs.
Google, in collaboration with Cloudflare, has proposed Merkle Tree Certificates (MTCs) to overhaul the traditional TLS handshake. Instead of embedding the entire chain from leaf to root, MTCs verify if a certificate is part of a Merkle Tree signed by the CA. This significantly reduces the size of the certificate part of the TLS handshake, improves performance, and addresses the challenge of large post-quantum certificate sizes.
MTCs will enable the practical use of quantum-resistant certificates, making TLS encryption more secure. Google's proposal sets a clear direction for the entire industry, including browsers, CAs, and software vendors, to collaborate on implementing the new specifications to prepare for post-quantum attacks on TLS connections.
Google plans to operate its MTC-based root program by summer 2027, with MTC certificates expected in production by 2028. Organizations need to monitor this space, transition to web server software that supports MTCs, and prioritize crypto agility. Failure to adopt could lead to losing website visitors and impacting revenue.
Crypto agility and automation are crucial for businesses to prepare for these changes. The focus extends beyond certificate inventory to a complete cryptographic bill of material (CBOM), encompassing all software serving certificates (web servers, reverse proxies, load balancers). Google's MTC program will only accept CAs fully based on ACME, requiring short-lived certificates (less than 10 days) and automated issuance, making manual processes obsolete.
While browsers are at the forefront of MTC adoption, the challenge remains for lower operating system level tools like cURL and Wget, and non-browser-based internet uses such as IoT exchanges, to catch up. The CA/B Forum is discussing and will eventually incorporate these new requirements into the TLS Baseline Requirements, ensuring compliance and auditability for CAs operating MTC certificates.