For those that don't know, during the TLS handshake, the server sends its certificate chain so the client can verify they're talking to who they think they are. When we move to Post Quantum-safe signatures for these certificates, they get huge and will cause the handshake to get really big. The PLANTS group at the IETF is working on a method to avoid this, and Merkle Tree Certificates are currently the way they're going.

Google and Cloudflare are going to start testing this (with proper safeguards in place) for traffic using Chrome and talking to certain sites hosted on Cloudflare. Announcements and explanations of MTC:

https://blog.cloudflare.com/bootstrap-mtc/

https://security.googleblog.com/2026/02/cultivating-robust-and-efficient.html

It might be a good time to test your TLS intercepting firewalls and proxies to make sure this doesn't break things for the time being. It's early days and a great time to get ahead of any problems.