I hope there’s more to it than presented here, because this can be summarized as “64 bytes is too weak, so we make it bigger. Solved. The big one is too big, so we reduce it to 64 bytes. Solved.”
The strong certificate is not part of the end check, but proven via Merkle tree reference. At the end of the day the end user check is only verifying 64 bytes of proof.
So it is kinda pointless? Can I attack the Merkle tree reference to claim the strong certificate is used when it is not?
What am I missing?
The server still has to send its own key, so that part is bigger. They’re making up the space by replacing traditional CA signatures and intermediate certificates with Merkle tree hash-based signatures.
Raw number of bytes can’t be directly compared between cryptography schemes, cryptographic hashes make very efficient use of space and don’t have the same quantum weaknesses that old public key cryptography has. The quantum-unsafe RSA signatures being replaced are about 256 bytes, the new ML-DSA signatures are about 2400 bytes, and SHA-256 Merkle tree references are 32 bytes for the same level of security and quantum-proofness.
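What the relying party actually checks when a signature chain is replaced by a Merkle tree reference, as an added example that is not part of this thread and not code from any MTC implementation. It uses the RFC 6962/9162 tree layout with SHA-256 as a generic stand-in (the MTC draft's exact tree encoding differs in detail), and the batch entries are constructed placeholders. It also answers the question raised above: substituting a different certificate under a genuine proof, reusing a proof at a different position, or checking against a tree head the client does not trust all fail, because forging any of them requires a second preimage of SHA-256.

```python
"""Merkle inclusion proof check (added illustration, not from the thread)."""
import hashlib
from typing import Dict, List

HASH_LEN = 32  # SHA-256 digest size; each proof entry is one digest


def _leaf_hash(data: bytes) -> bytes:
    # 0x00 domain-separation prefix: a leaf can never be re-read as an
    # interior node, which blocks the classic Merkle second-preimage trick.
    return hashlib.sha256(b"\x00" + data).digest()


def _node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def _largest_pow2_below(n: int) -> int:
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(leaves: List[bytes]) -> bytes:
    """Tree head over an ordered batch; the relying party gets this out of band."""
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return _leaf_hash(leaves[0])
    k = _largest_pow2_below(len(leaves))
    return _node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_proof(leaves: List[bytes], index: int) -> List[bytes]:
    """Sibling hashes from leaf `index` up to the root, leaf side first."""
    if len(leaves) == 1:
        return []
    k = _largest_pow2_below(len(leaves))
    if index < k:
        return inclusion_proof(leaves[:k], index) + [merkle_root(leaves[k:])]
    return inclusion_proof(leaves[k:], index - k) + [merkle_root(leaves[:k])]


def verify_inclusion(leaf: bytes, index: int, tree_size: int,
                     proof: List[bytes], root: bytes) -> bool:
    """RFC 9162 section 2.1.3.2: recompute the root from leaf + siblings."""
    if tree_size <= 0 or index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = _leaf_hash(leaf)
    for p in proof:
        if sn == 0:
            return False            # proof longer than the tree is deep
        if fn & 1 or fn == sn:
            r = _node_hash(p, r)    # we are the right child
            if not fn & 1:
                while fn and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:
            r = _node_hash(r, p)    # we are the left child
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


def run_demo() -> Dict[str, object]:
    """Honest check plus the three ways an attacker might try to abuse a proof."""
    # Constructed placeholder batch: each leaf stands in for one subscriber's
    # (name, public key) entry in the CA's batch. Hypothetical names and keys.
    batch = [f"example-{i}.test pubkey=KEY{i}".encode() for i in range(5)]
    root = merkle_root(batch)
    idx = 3
    proof = inclusion_proof(batch, idx)

    honest = verify_inclusion(batch[idx], idx, len(batch), proof, root)
    # Claim a different certificate (attacker's key) under the genuine proof.
    forged_leaf = b"example-3.test pubkey=ATTACKER_KEY"
    forged = verify_inclusion(forged_leaf, idx, len(batch), proof, root)
    # Reuse the genuine proof at a different leaf position.
    misplaced = verify_inclusion(batch[idx], 2, len(batch), proof, root)
    # Relying party pinned to a different tree head (a batch it never accepted).
    other_root = merkle_root(batch + [b"example-5.test pubkey=KEY5"])
    stale = verify_inclusion(batch[idx], idx, len(batch), proof, other_root)
    return {
        "honest": honest, "forged": forged,
        "misplaced": misplaced, "stale_root": stale,
        "proof_bytes": len(proof) * HASH_LEN,
    }


if __name__ == "__main__":
    print(run_demo())
```

The proof carried in the certificate grows only with the depth of the tree: 32 bytes times ceil(log2(batch size)), so a batch of 2^20 entries still needs only 640 bytes of proof, with no signature at all in the path from leaf to tree head. The security of the check rests entirely on the relying party holding the correct tree head, which is why its distribution is the part of the design worth scrutinising.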