It's also trusted as an EU Trust Service Provider. https://eidas.ec.europa.eu/efda/trust-services/browse/eidas/... That's basically QWACS. <ins>Ah, of course you mentioned it in the other thread!</ins>

We definitely should have, and that is on us. We'll fix it. https://blog.cloudflare.com/unauthorized-issuance-of-certifi...

If you don't mind a one terabyte public key. https://eprint.iacr.org/2017/351.pdf

also that paper (IMO) is ridiculously conservative. Just using 1GB keys is plenty sufficient since it would require a quantum computer with a billion bits to decrypt.

How long does it take to generate a key that big? What probabilities do you need to put on generating a composite number and not a prime? Does the prime need extra properties?

Based on https://eprint.iacr.org/2017/351.pdf it would be about 1900 core hours (but I'm pretty sure optimized implementations could bring it down a bunch). No extra properties needed and moderate probability is sufficient.

it took until 2011 before Sandy bridge cracked 2 billion. If we get 40 years of quantum resistance from 1GB RSA, that would be pretty great.

About 8x just for key agreement and 40x for signatures. It's a lot. For key agreement it's worth it, and now about 1/3 of browsers in the wild use it. http://radar.cloudflare.com/adoption-and-u…

One third of all human traffic with Cloudflare is using a post-quantum KEM. I'd say that counts as enabled. We want that to be 100% of course. Chrome (and derivates) enabled PQ by default. https://radar.cloudflare.com/adoption-and-usage

About one third of traffic with Cloudflare is already using post-quantum encryption. https://x.com/bwesterb/status/1866459174697050145

Signatures still have to be upgraded, but that's more difficult. We're working on it. http://blog.cloudflare.com/pq-2024/#migrating-the-internet-t...

Go patches are out. (1.21.3, 1.20.10)

Cool!

Caddy support incoming. https://github.com/caddyserver/caddy/pull/5852

I'll take the compliment, thank you :).