On Thu, Apr 02, 2026 at 04:38:17PM -0500, Nico Williams wrote: > > Basically the WebPKI roots should _never_ be in the _default_ trust > anchor set for _any applications other than Web browsers_. But soon > you'll realize that you'll want short-hand names for trust anchor sets > so it's easy to specify which one to use for apps.
TLS also has rather bad trust anchor negotiation (just certificate_authorities), so folks end up using WebPKI roots in places where those are very ill-suited (like IoT). This kind of issue also famously slowed down the SHA-1 to SHA-2 transition. There are a number of posts on Let's Encrypt community forums about folks using Let's Encrypt certs for various embedded clients, and the stuff breaking (sometimes unrecoverably) due to some change the CA made (most often certificate hierarchy changes). The problem with certificate_authorities is that it is poorly supported on server side, and it is quite verbose. One could make much more compact version that does not rely on DNS (which has its own issues) by using truncated hashes. While that would not scale to WebPKI scale, it could easily deal with a dozen or two anchors (unless bandwidth is very constrained). -Ilari _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
