Hi Paul,

> On Sep 9, 2024, at 9:28 PM, Paul Wouters via Datatracker <[email protected]> wrote:
>
> Related question: Is it one certificate+key that is used for the TLS connection as well as to sign data within the payload of packets?
The issue you're raising is one that could've (should've?) been discussed when the "tls-client-server" draft was being reviewed. In that document, only a single key+certificate is configurable, by each peer, for the TLS connection. Specifically, there is not one key+cert for encrypting and a different key+cert for signing. I hear about this security best practice often, but have never seen it used in the wild. How important is this?

Kent // author of the tls-client-server draft (aka RFC-to-be-9645)
_______________________________________________
netmod mailing list -- [email protected]
To unsubscribe send an email to [email protected]
