Ilari Liusvaara <ilari.liusva...@elisanet.fi> writes: >a) ECDSA certs are usable for ECDH (modulo KeyUsage) because there is no >ECDSA-specific keytype in X.509.
That's always concerned me about ECC certs, all you can say about a key is "ECC", not "signing key" or "key agreement key" (I'm sure this was seen as a great feature when the key format was designed, "ECC is so much more flexible than RSA, you can use it for anything!"). My code explicitly ACLs ECC keys coming from certs to be signing-only in order to deal with this problem. Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls