Hiya,
On 30/04/2026 07:52, Viktor Dukhovni wrote:
And yes, the introspection API currently does not support returning multiple matching TLSA records and certificates (or RPKs) at the conclusion of the handshake, nor reporting multiple signature algorithms as having played a role... So reporting the resulting state gets rather hairy.
Yep, I think I agree that David's point about APIs is valid, but could be worked around. (I'm also not that convinced by the same API argument as used in the plants design, but that's another story;-)
So, while I'm not explicitly indicating which of composites or multi-certs I dislike more, there are definitely complications in both I'd strongly prefer to entirely avoid.
That seems fair, though I do think composites are worse in the longer term than multi-certs because web servers will in all cases need to be configured with both trad certs and pure PQ certs just to keep interop with all clients. (Or, perhaps in future with multiple PQ sig alg certs as the deployment of those algs evolves.) I'm also not sure how to evaluate the real risk of (a singular) pure PQ sig versus a multi-cert approach, but if nobody really wants to take the pain of a multi-cert thing, then I guess we may just have to live with the situation that individual TLS sessions are either authenticated via one trad alg or one pure PQ one. Cheers, S.
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
