On Thu, Apr 30, 2026 at 12:25:42AM +0100, Stephen Farrell wrote: > > Given that it may be the case that getting certificates for > composite signing keys could be impractical and also involve > a combinatoric explosion in the number of credentials severs > would need to have available, I wonder if anyone has explored > whether it'd be useful to look at defining a way in which a > server (or, I guess, a client) could authenticate using more > than one CertificateVerify message?
As an implementer, that seems like a giant can of worms. The main problem is what kind of RP policies are reasonable and what are not. -Ilari _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
