Google has devised a means for securing HTTPS certificates against quantum computing attacks without massive performance hits stemming from the considerably longer size of data required to be included.

@andrei_chiffa @dangoodin The QR asymmetric handshake protects against passive attackers decrypting sniffed traffic, but not against active attackers presenting a forged certificate in a man-in-the-middle attack. Merkle Tree Certificates protect against the latter threat.

@dangoodin Yes, closely. There's a lot of momentum and Mozilla and Apple are interested as well.

New blog post: Why IP Address Certificates Are Dangerous and Usually Unnecessary https://www.agwa.name/blog/post/ip_address_certs