@techreport{ma-cfrg-looma-00,
    number =    {draft-ma-cfrg-looma-00},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ma-cfrg-looma/00/},
    author =    {Xinshu Ma and Michio Honda and Colin Perkins},
    title =     {{Looma: Low-Latency Post-Quantum Authentication for TLS 1.3 in Datacenters}},
    pagetotal = 16,
    year =      2026,
    month =     mar,
    day =       2,
    abstract =  {Post-quantum (PQ) authentication in TLS 1.3 can add tens to hundreds of microseconds of handshake processing time. In datacenters, where mutual authentication is mandatory, this authentication cost becomes a dominant contributor to end-to-end request latency, particularly when connections are short-lived and handshake rates are high. This document specifies Looma, an online/offline authentication architecture integrated into the TLS 1.3 handshake. Looma replaces the on-path, per-handshake PQ signature with a fast, one-time signature over the TLS transcript and moves expensive work (including the multi-use PQ signature) to an asynchronous background plane. Looma includes a fallback strategy to preserve correct authentication when the verifier does not have the peer's one-time verification key cached.},
}