<?xml version="1.0" encoding="UTF-8"?>
<reference anchor="I-D.yusef-tls-pqt-dual-certs" target="https://datatracker.ietf.org/doc/html/draft-yusef-tls-pqt-dual-certs-02">
   <front>
      <title>Post-Quantum Traditional (PQ/T) Hybrid Authentication with Dual Certificates in TLS 1.3</title>
      <author initials="R." surname="Shekh-Yusef" fullname="Rifaat Shekh-Yusef">
         <organization>Ciena</organization>
      </author>
      <author initials="H." surname="Tschofenig" fullname="Hannes Tschofenig">
         <organization>University of Applied Sciences Bonn-Rhein-Sieg</organization>
      </author>
      <author initials="M." surname="Ounsworth" fullname="Mike Ounsworth">
         <organization>Entrust</organization>
      </author>
      <author initials="T." surname="Reddy.K" fullname="Tirumaleswar Reddy.K">
         <organization>Nokia</organization>
      </author>
      <author initials="Y." surname="Rosomakho" fullname="Yaroslav Rosomakho">
         <organization>Zscaler</organization>
      </author>
      <date month="June" day="24" year="2026" />
      <abstract>
	 <t>   The anticipated emergence of cryptographically relevant quantum
   computers (CRQCs) poses a threat to the authentication mechanisms
   used in TLS 1.3.  This document defines a hybrid authentication
   mechanism that uses two independent certificates, one traditional and
   one post-quantum, ensuring that an attacker must break both
   algorithms to compromise a TLS connection.  The two certificate
   chains are carried in a single Certificate message and two
   independent signatures are encoded in the CertificateVerify message.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-yusef-tls-pqt-dual-certs-02" />
   
</reference>
