On Wed, Jan 6, 2021 at 2:15 PM Paul Wouters <[email protected]> wrote: > On Jan 6, 2021, at 17:01, Eric Rescorla <[email protected]> wrote: > > > > > > This is not strictly correct: TLS allows both the client and the server > to advertise their supported signature algorithms, which can be used by the > peer to guide certificate selection. > > How common is it for TLS servers to have multiple signature algorithm / > certificates configured to support this? >
I don't have measurements for this offhand. It typically happens during periods of transition, for instance between SHA-1 and SHA-256. I believe we also saw it when servers had certificates with both RSA and EC keys. -Ekr
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
