More specifically, I was thinking about attested TLS. We proposed modification of CertificateVerify message as one of the potential solutions for attested TLS (slide 7/15 in [1]). In this case, one identifier is network identity and the other identifier is state of server (assuming server as Attester). Is Appendix B.5.1 meant to explicitly exclude such use cases of dual certificate in your design? If yes, why exactly? In order words, what design problem and/or extra work do you see in making it more generic for wider applications rather than limiting it to PQ/T?
Usama[1] https://datatracker.ietf.org/meeting/122/materials/slides-122-tls-identity-crisis-00
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
