Hiya,
Given that it may be the case that getting certificates for composite signing keys could be impractical and also involve a combinatoric explosion in the number of credentials severs would need to have available, I wonder if anyone has explored whether it'd be useful to look at defining a way in which a server (or, I guess, a client) could authenticate using more than one CertificateVerify message? I guess that figuring that all out, and getting it implemented and deployed would involve a pile of work, but ISTM it might be useful, hence the question:-) Cheers, S. PS: If this isn't a bonkers idea, I'd be willing to do work on it, for whatever that'd be worth:-)
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
