On Wed, Apr 15, 2026 at 04:06:27PM +0000, Andrei Popov wrote:
> The complexity argument is implementation-dependent. On Windows, the
> PKI stack encapsulates the multiple keys involved, so the use of a
> composite cert looks no different to the TLS stack (and other apps)
> than the use of any other cert.
Likewise in OpenSSL, the real complexity is having to implement and
support the algorithms, when it is not clear who's going to use them,
and whether supporting them is a disservice to the community because it
breeds balkanisation through too many choices only some of which will be
supported by some of the stacks. I see it as a Pandora's box I don't
want to open without good cause.
--
Viktor. 🇺🇦 Слава Україні!
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
