Hi Stephen,

On 30.04.26 01:25, Stephen Farrell wrote:
> I wonder if anyone has explored whether it'd be useful to look at defining a way in which a server (or, I guess, a client) could authenticate using more than one CertificateVerify message?
Yes, please see Sec. 9.1.2 of [0]. The detailed design and formal analysis of this is in a paper that we will submit next week. Happy to share that off-list if you are interested.
As Ekr pointed out, [1] is a good start. I believe the authors have done good work. If you (and others) find that it is a potentially useful direction, please attest to it in the thread [2] to move this work forward.
In my understanding, at least 21 member states of the EU need hybrids. We have to do something for them. So I read "way too complicated" mentioned in the thread as "let's get started with some serious work rather than doing hacks like standalone ML-DSA."
Thank you.

Sincerely,
-Usama

[0] https://www.researchgate.net/publication/398839141_Identity_Crisis_in_Confidential_Computing_Formal_Analysis_of_Attested_TLS
[1] https://datatracker.ietf.org/doc/draft-yusef-tls-pqt-dual-certs/
[2] https://mailarchive.ietf.org/arch/msg/tls/ZRuadgaS5z_LM25YSA6qIOF2VbU/
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
