On 27/09/2024 13:35, Martin Steigerwald wrote:
> However I did not look into how and to what extent TLS 1.3 and PQC are
> simpler than TLS 1.2.
>

TLS 1.3 reduces the cryptography options quite drastically. It's possible post
quantum crypto will complicate that again though. Hopefully not too much.

> And I do not really agree to top-down centrally managed trust
> relationships.

Agreed and this adds to the potential of certificate handling vulnerabilities.
OpenSSH certificate handling is much simpler.