On Mon, Mar 09, 2026 at 02:52:34PM -0700, Aaron Gable wrote: > > I'm supportive of splitting the `pk` identifier type and the `pk-01` > challenge into a separate draft. I think there's a lot to discuss even with > a scope that small, including alternative challenge types like performing a > tls-alpn-01-style handshake using the keypair. I also freely admit that > this is the portion of the draft that I both care about (as someone who has > been promoting the idea of a pubkey identifier type for a while) and that I > actually understand.
I think that having the server send a nonce in challenge and client returning TLS 1.3-compatible signature in challenge acknowledge would be much simpler than messing with TLS handshakes. -Ilari _______________________________________________ Acme mailing list -- [email protected] To unsubscribe send an email to [email protected]
