Various proposals are being explored for X509 V3 certificates in a Post Quantum Cryptography (PQC) world.
Currently, these include just having a certificate for classical and PQ, having a hybrid certificate for classical and PQ using X509 extensions or composite certificates that concatenate as many signatures into one blob as needed. If I understand correctly, the first two approaches are an or function, that is, you use either the classical or post-quantum signature only. The Composite approach can use all the signatures, so users would have to validate all signatures used in the blob.
Is this understanding, correct?
The question I have is when you get to the protocol level. Crypto agility is defined as the ability of a security system to be able to rapidly switch between algorithms, cryptographic primitives, and other encryption mechanisms without the rest of the system’s infrastructure being significantly affected by these changes.
How is industry considering TLS, for example? Is there a Classical TLS and a PQC TLS? Are there just two variants of the protocol, which seems to violate crypto agility? If there are two, what is needed to switch between them in a real instantiation?
Another approach is to have a hybrid TLS that allows selection of classical or PQC algorithms in the negotiation. However, how many years would such a variant take to create by the standards body as this greatly increases the complexity, but maybe that is the point. Note that I am aware of the Open Quantum Safe (https://openquantumsafe.org/) projects, but they all appear to create a PQ variant only. Also, at some point, you would sunset the classical algorithms and only support the PQ ones. How would such a transition happen?
The same sorts of questions can be asked about SSH, OpenSSL, gnu utils and any other protocol or application that uses classical vs quantum-safe algorithms.
Are these things that just have not been worked out and it is going to take years for the protocol and application developers to hold working group meetings to decide on how this will be done technically, logistically and the like?