I think it’s at least partly right (few things are simple enough to have one cause).

A lot of businesses ask co-workers to share a room on trips. Business travel is a large share of reservations.

That would be a bummer !

And with X11 support gone we would have to downgrade to VNC to access our VMs?

Being pulled aside by management because your desire for correctness and high quality got you in trouble when you wanted to correct project management kind of sucks. Having your “ah, that’s probably easy” attitude makes you seem arrogant and as if you want to “show off” - even if the thing objectively speaking IS easy to you and even if you could do a better job in less time than your colleagues.

It’s a blessing but when people are envious and agree that your gift is just arrogance from ignorance, then the blessing turns into a curse.

I can solve virtually any technical challenge that I am presented, given enough time (usually 1/10th the time needed by my colleagues) and yet I seem to get in trouble more times than others for the reasons above.

(For ref. I work in IT as probably most here, with an IQ of 135+, i.e. top-1%)

AWS also made huge inroads in big companies because engineering teams could run their own account off of their budget and didn’t have to go through to IT to requisition servers, which was often red tape hell. In my experience it was just as much about internal politics as the technical benefits.

They're saying WebPKI, which mean basically web browsers can more or less push this through on their evergreen release schedule when it becomes necessary.

PKI for everything else can go at their own pace

I took some rough notes to whittle down the verbiage.

This proposal is to introduce PQ certificates in WebPKI such as for certificate authorities.

Problem is PQ signatures are large. If certificate chain is small that could be acceptable, but if the chain is large, then it can be expensive in terms of bandwidth and computation during TLS handshake. That is the exchange sends many certificates which embed a signature and a large (PQ) public key.

Merkle Tree Certificates ensures that an up to date client only needs 1 signature, 1 public key, 1 merkle tree witness.

Looking at an MTC generated certificate they've replaced the traditional signing algorithm and signature with a witness.

That means all a client needs is a signed merkle root which comes from an expanding Merkle Tree signed by the MTCA (Merkle Tree CA), which is delivered somehow out of band.

So basically TLS client receives certificate containing new signature algorithm which embeds a witness instead of a signature, a root (not sure if just a hash or a signed hash, I think the former). Client will get the signed roots out of band, which can be pre-verified, which means verifying the witness is simply doing a check on the witness.

Edit: My question: is this really a concern that needs to be addressed? PQ for TLS key exchange addresses a looming threat of HNDL (Harvest Now Decrypt Later). I don't see why we need to address making WebPKI use PQ signatures, at least for awhile now.

The percentage of the US population that voted for Trump went up roughly half a percentage point from 2020 to 2024 and most of American society has responded as if that makes him a permanent dictator. And it isn’t just his supporters, most Democratic politicians and ostensibly apolitical corporations are behaving that way too. I don’t get it.

The pay for this kind of work usually isn’t very good. People do it for the mission.