The server still has to send its own key, so that part is bigger. They're making up the space by replacing traditional CA signatures and intermediate certificates with merkle tree hash-based signatures.
Raw number of bytes can't be directly compared between cryptography schemes, cryptographic hashes make very efficient use of space and don't have the same quantum weaknesses that old public key cryptography has. The quantum-unsafe RSA signatures being replaced are about 256 bytes, the new ML-DSA signatures are about 2400 bytes, and SHA-256 Merkle tree references are 32 bytes for the same level of security and quantum-proofness.
The server still has to send its own key, so that part is bigger. They're making up the space by replacing traditional CA signatures and intermediate certificates with merkle tree hash-based signatures.
Raw number of bytes can't be directly compared between cryptography schemes, cryptographic hashes make very efficient use of space and don't have the same quantum weaknesses that old public key cryptography has. The quantum-unsafe RSA signatures being replaced are about 256 bytes, the new ML-DSA signatures are about 2400 bytes, and SHA-256 Merkle tree references are 32 bytes for the same level of security and quantum-proofness.