Question: How Are Merkle Tree Certificate Revocations Going to Happen?
It seems pretty obvious that, due to post-quantum cryptography concerns, much of our public PKI is going to implement Merkle Tree certificates (while private PKI will likely be x.509 for at least the intermediate future). Merkle Tree certificates are basically blockchain for digital certificates, where many individual certificate signature hashes are hashed and presented as far fewer hashes when communicated to relying clients. My question is how revocation of Merkle Tree certificates is handled, especially when we are likely to have millions of annual revocations and accelerating with ever-decreasing certificate lifespans? I've seen a few answers that seem to vaguely answer my question, but they seem half-baked and not very scalable. Does anyone know how Merkle Tree certificate revocation will be handled at scale?