On Tue, Mar 10, 2026 at 05:57:23PM +0900, Seo Suchan wrote:
> I think if public key client ask is something that can sign things we could
> just ask client to sign a JWS with key in question:

That is not cryptographically kosher, and does not work with algorithms that are not in JWS.

> we need something else for kemtls though, because they can't sign
> anything but making new random shared session key

Have server send challenge ciphertext, and then have client decapsulate it and send MAC using the key.

KEMTLS is not happening any time soon anyway.

-Ilari
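
The KEM challenge described in the message above, sketched end to end as an added example that is not part of the original email or of any ACME draft. Assumptions: the toy finite-field Diffie-Hellman KEM stands in for a real KEM and its parameters are chosen for brevity, not security; the server nonce and the context string covered by the MAC are hypothetical.

```python
import hashlib, hmac, secrets

# Toy DH-based KEM standing in for a real KEM (assumption: demo parameters only).
P = 2**521 - 1                      # Mersenne prime, NOT a vetted DH group
G = 3
NBYTES = (P.bit_length() + 7) // 8

def _kdf(shared: int, ct: int) -> bytes:
    # Bind the derived key to the ciphertext it came from.
    return hashlib.sha256(shared.to_bytes(NBYTES, "big") + ct.to_bytes(NBYTES, "big")).digest()

def keygen():
    sk = secrets.randbelow(P - 3) + 2
    return sk, pow(G, sk, P)

def encapsulate(pk: int):
    eph = secrets.randbelow(P - 3) + 2
    ct = pow(G, eph, P)
    return ct, _kdf(pow(pk, eph, P), ct)

def decapsulate(sk: int, ct: int) -> bytes:
    return _kdf(pow(ct, sk, P), ct)

def server_challenge(client_pk: int):
    """Server: encapsulate to the key being proven; send (ct, nonce), keep key."""
    ct, key = encapsulate(client_pk)
    return ct, secrets.token_bytes(16), key

def client_response(sk: int, ct: int, nonce: bytes, context: bytes) -> bytes:
    """Client: only the holder of sk recovers the MAC key from ct."""
    return hmac.new(decapsulate(sk, ct), nonce + context, hashlib.sha256).digest()

def server_verify(key: bytes, nonce: bytes, context: bytes, tag: bytes) -> bool:
    expected = hmac.new(key, nonce + context, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)    # constant-time comparison

def demo():
    sk, pk = keygen()
    other_sk, _ = keygen()                       # a party without the right key
    ctx = b"constructed context: account=example"
    ct, nonce, key = server_challenge(pk)
    good = server_verify(key, nonce, ctx, client_response(sk, ct, nonce, ctx))
    wrong_key = server_verify(key, nonce, ctx, client_response(other_sk, ct, nonce, ctx))
    wrong_ctx = server_verify(key, nonce, ctx, client_response(sk, ct, nonce, b"other"))
    return good, wrong_key, wrong_ctx

if __name__ == "__main__":
    print(demo())
```
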
