On Mon, Jun 10, 2024 at 8:33 PM Michael Jones <michael_b_jo...@hotmail.com> wrote:
>
> We all know that TLS certificates are handled by platform layers used by
> applications and not the applications themselves. There is no code that
> understands X.509 certificates in most applications that use TLS. They are
> not equivalent in complexity.
>
> The draft would require adding code directly understanding the structure and
> fields of X.509 to applications using it. Eliminate that, and I’ll support
> adoption.

I don't understand your proposal. An X509 certificate is the only way to link a DNS name to a key at a given point in time as we can leverage the Web PKI. Absent that, what do you do?

Also, I'm not sure what you mean by platform layers. Many of them expose a function to verify a signature with a key in an X509 cert or verify a cert chain, even outside the context of TLS. Are there particular ones that would have a problem you are concerned about?

Sincerely,
Watson Ladd