On Sat, Jul 20, 2024, 06:13 Mike Shaver <[email protected]> wrote:
> > > On Sat, Jul 20, 2024 at 8:59 AM Ilari Liusvaara <[email protected]> > wrote: > >> Allowing various embedded and IoT stuff to migrate off of WebPKI would >> be of immense value. Such stuff using WebPKI has been source of gigantic >> amount of pain. > > > I agree with your second sentence very much, but I don’t understand your > first one. In what way are these non-web systems not allowed to use other > PKI models today? How would trust anchors provide that permission? > > Mike > If the same server serves both embedded/IoT traffic and web browser traffic, but we aim for the two to use different PKIs, the server needs to arrange to serve different certificates to each. To do that, we need trust anchor negotiation story. David _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
