Falko Strenzke <[email protected]> writes: >Strongly unforgeable signatures do not lead to unique X.509 certificates
The solution to this problem is to think in terms of allowlists, not blocklists, even though this goes against decades of established X.509 bad practice, in turn based on older bad practice with credit-card blacklists [0], which goes back to even older bad practice with cheque blacklists (hey, it's gotta start working some time if we just keep doing it again and again). If you encode a certificate non-canonically it's no longer valid in an allowlist environment, while with a blocklist it is. So you don't need to Rube-Goldberg your signatures, just change the way you think about working with certs. Peter. [0] They were still called blacklists back then. _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
