(I think this is worth pondering, but I don’t mean it too seriously—don’t panic.) Are the sizes of post-quantum signatures getting you down? Are you despairing of deploying a post-quantum Web PKI? Don’t fret! Symmetric cryptography is post-quantum too! When you connect to a site, also fetch a record from DNS that contains a handful of “CA” records. Each contains: a UUID that identifies a CA ECA-key(server-CA-key, AAD=server-hostname) A key ID so that the CA can find “CA-key” from the previous fi...