On Wed, Apr 29, 2026 at 08:50:14PM -0400, David Benjamin wrote:
> Hehehe. Well, I would agree that composites are preferable to this model.
> But I also think not doing hybrids is preferable to both. :-)
In my favourite corner of the ecosystem it seems that the way to map
this onto DANE would be to require **each** (rather than any) of the
presented certificates (or raw public key) to match a DANE TLSA record.
And yes, the introspection API currently does not support returning
multiple matching TLSA records and certificates (or RPKs) at the
conclusion of the handshake, nor reporting multiple signature algorithms
as having played a role... So reporting the resulting state gets rather
hairy.
One might even imagine a mixture of certificates and raw public keys
used by a peer, just to make things "more interesting".
So, while I'm not explicitly indicating which of composites or
multi-certs I dislike more, there are definitely complications
in both I'd strongly prefer to entirely avoid.
--
Viktor. 🇺🇦 Слава Україні!
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
