⚠️ Notice
Some tools, functions, or services described – including, by way of example, test environments, hybrid certificates, and interoperability procedures – are experimental in nature and do not guarantee compliance with specific regulations. Functionality, performance, and results may vary based on customer configurations. This tool visualizes an evolving IETF draft (PLANTS Working Group): draft-ietf-plants-merkle-tree-certs. For education only.
Post-quantum signatures are huge
12x bigger signatures break TLS. Merkle Tree Certificates fix it.
Every certificate becomes a leaf
A leaf stores only the fingerprint (SHA-256) of a certificate, not the full key.
| # | Subject | Leaf hash |
|---|
Classic PQC handshake
MTC handshake
One website, two certificates
The dual-issuance bootstrap approach: issue a traditional X.509 AND a Merkle Tree Certificate for the same subject and key.
| Field | Traditional X.509 | Merkle Tree Certificate |
|---|
A live transparency log
Issue and revoke certificates: the append-only log grows and stays consistent.
Certificate browser
| # | Subject | Serial | Leaf hash | Status | Form |
|---|