On Fri, 14 May 2021, Salz, Rich wrote:
* I suppose an algorithm could be added to the TLS SignatureScheme registry even if it did have one, two, or three hundred KB public keys and so was unlikely to ever be used for TLS. However, I just wanted to raise a potential issue with limiting Certificate Transparency to only using signature schemes approved for use with TLS.

This is a reasonable point to consider, but as the WG has been in “get this draft published and then close” for a few years now, it’s probably too late.

Yes, I don't see this issue as one that would prevent this document from working. So we are not going to take this up now. So once this issue comes up in the future, or becomes plausible for needing a solution, it can be worked on in a new WG.

Paul

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
