On Wed, Apr 29, 2026 at 4:58 PM Stephen Farrell <[email protected]> wrote: > > > Hiya, > > On 30/04/2026 00:36, Eric Rescorla wrote: > > Even stipulating for the moment that it's good to sign with multiple > > certificates, I do not believe that this is the correct approach to doing > > so. > > I wouldn't class my question as really proposing an approach, > more as wondering if there's interest in tackling the problem > of composite signatures requiring servers to have to have loads > of uselessly different certs to do be able to make the composite > signatures that a variety of clients might need.
Don't invite a combinatorial explosion (explosive? annelid dispersal device?) into your PKI. Instead use proven techniques like chain selection based on supported algorithms to achieve flexibility. > > > If we're going to do something here, something more like > > https://datatracker.ietf.org/doc/draft-yusef-tls-pqt-dual-certs/ seems like > > a better starting point. > > Sure, that'd certainly be a more real starting point, though I > suspect there'd be lots of work required still. (Thanks for the > ref though, I'd not read that before.) > > I guess a better form of my question is whether there's interest > in tackling that server configuration issue for those who would > like to have both traditional and PQ authentication (for some > period)? > > Cheers, > S. > > > > > > -Ekr > > > > > > On Wed, Apr 29, 2026 at 4:27 PM Stephen Farrell <[email protected]> > > wrote: > > > >> > >> Hiya, > >> > >> Given that it may be the case that getting certificates for > >> composite signing keys could be impractical and also involve > >> a combinatoric explosion in the number of credentials severs > >> would need to have available, I wonder if anyone has explored > >> whether it'd be useful to look at defining a way in which a > >> server (or, I guess, a client) could authenticate using more > >> than one CertificateVerify message? > >> > >> I guess that figuring that all out, and getting it implemented > >> and deployed would involve a pile of work, but ISTM it might > >> be useful, hence the question:-) > >> > >> Cheers, > >> S. > >> > >> PS: If this isn't a bonkers idea, I'd be willing to do work on > >> it, for whatever that'd be worth:-) > >> > >> _______________________________________________ > >> TLS mailing list -- [email protected] > >> To unsubscribe send an email to [email protected] > >> > > > > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] -- Astra mortemque praestare gradatim _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
