On Jan 6, 2021, at 17:01, Eric Rescorla <e...@rtfm.com> wrote:
> 
> 
> This is not strictly correct: TLS allows both the client and the server to 
> advertise their supported signature algorithms, which can be used by the peer 
> to guide certificate selection.

How common is it for TLS servers to have multiple signature algorithm / 
certificates configured to support this?

For IPsec, which has a similar issue, I have never seen a server configured 
with two certificates, e.g. to use RSA or ECDSA, or seen open source software 
supporting this.

Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
