@techreport{yusef-tls-pqt-dual-certs-02, number = {draft-yusef-tls-pqt-dual-certs-02}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-yusef-tls-pqt-dual-certs/02/}, author = {Rifaat Shekh-Yusef and Hannes Tschofenig and Mike Ounsworth and Tirumaleswar Reddy.K and Yaroslav Rosomakho}, title = {{Post-Quantum Traditional (PQ/T) Hybrid Authentication with Dual Certificates in TLS 1.3}}, pagetotal = 20, year = 2026, month = jun, day = 24, abstract = {The anticipated emergence of cryptographically relevant quantum computers (CRQCs) poses a threat to the authentication mechanisms used in TLS 1.3. This document defines a hybrid authentication mechanism that uses two independent certificates, one traditional and one post-quantum, ensuring that an attacker must break both algorithms to compromise a TLS connection. The two certificate chains are carried in a single Certificate message and two independent signatures are encoded in the CertificateVerify message.}, }