On 20 Jun 2025, at 21:49, Branko Čibej <br...@apache.org> wrote: > Misunderstanding here. It's clearly possible to do this without exposing the > URIs in the public API, and it's what we should do. I agree it's unlikely > that a user would want to, e.g., request certs from the macOS Keychain > instead of the Windows certificate store while running on Windows. Although, > who knows what kind of weirdness happens in enterprise deployments. > > I was merely speculating on some bright future where Serf had a crypto > abstraction layer. Sorry for the confusion.
In the world of cryptography the URI is that abstraction, and has been for a long time. There is no need to try and reinvent that wheel, it is a solved problem. Regards, Graham --
