Google is redesigning Web PKI through Merkle Tree Certificates (MTCs), a next-generation approach that merges certificate issuance with Certificate Transparency to address two major problems: the massive size increase of post-quantum cryptographic signatures and the fragility of the current CT infrastructure. MTCs replace X.509 certificate signatures with inclusion proofs, dramatically reducing handshake size. The design is being standardized at IETF's PLANTS working group with Cloudflare collaboration, with core technology validation planned for 2026 and bootstrapping of the new PKI in 2027. The transition will require servers to support multiple certificate types simultaneously and complex TLS negotiation. Separately, Google has accelerated its PQC migration deadline to 2029, citing new research showing a ~20x improvement in quantum attacks against elliptic curve cryptography and a paper claiming RSA can be broken with only 10,000 qubits. Also covered: Encrypted Client Hello standardized as RFC 9849.
Sort: