On Wed, Jan 6, 2021 at 2:15 PM Paul Wouters <p...@nohats.ca> wrote:

> On Jan 6, 2021, at 17:01, Eric Rescorla <e...@rtfm.com> wrote:
>
> > This is not strictly correct: TLS allows both the client and the server
> > to advertise their supported signature algorithms, which can be used by the
> > peer to guide certificate selection.
>
> How common is it for TLS servers to have multiple signature algorithm /
> certificates configured to support this?
>
I don't have measurements for this offhand. It typically happens during periods of transition, for instance between SHA-1 and SHA-256. I believe we also saw it when servers had certificates with both RSA and EC keys.

-Ekr
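To make the mechanism under discussion concrete, here is an added, constructed model of how a server with several certificates can let the peer's signature_algorithms list drive certificate selection. It is not code from either participant or from any TLS implementation; the SignatureScheme code points are the real ones from RFC 8446 section 4.2.3, while the ServerCert type, the candidate certificates and the client offers are constructed for illustration. The model deliberately simplifies one point: it treats a single client list as constraining both the handshake signature key type and the CA signature on the chain, whereas TLS 1.3 lets a client separate the latter into signature_algorithms_cert.

```python
"""Toy model of TLS certificate selection guided by the peer's
signature_algorithms extension (constructed example, not a real stack)."""

from dataclasses import dataclass
from typing import Iterable, Optional, Sequence

# Real TLS SignatureScheme code points (RFC 8446, section 4.2.3).
RSA_PKCS1_SHA1 = 0x0201
RSA_PKCS1_SHA256 = 0x0401
RSA_PSS_RSAE_SHA256 = 0x0804
ECDSA_SECP256R1_SHA256 = 0x0403
ED25519 = 0x0807

# Which end-entity key type each scheme can produce a handshake signature with.
SCHEME_KEY_TYPE = {
    RSA_PKCS1_SHA1: "rsa",
    RSA_PKCS1_SHA256: "rsa",
    RSA_PSS_RSAE_SHA256: "rsa",
    ECDSA_SECP256R1_SHA256: "ecdsa",
    ED25519: "ed25519",
}


@dataclass(frozen=True)
class ServerCert:
    """Hypothetical description of one configured certificate."""
    name: str
    key_type: str      # key type of the end-entity certificate
    chain_scheme: int  # scheme the issuing CA used to sign this certificate


def select_certificate(client_schemes: Sequence[int],
                       candidates: Iterable[ServerCert]) -> Optional[ServerCert]:
    """Return the first candidate, in server preference order, that the client
    both accepts a handshake signature from (key type) and can verify the
    chain signature of (chain_scheme). None means no usable certificate,
    which a real server would surface as a handshake failure."""
    offered = set(client_schemes)
    offered_key_types = {SCHEME_KEY_TYPE[s] for s in offered if s in SCHEME_KEY_TYPE}
    for cert in candidates:
        if cert.key_type in offered_key_types and cert.chain_scheme in offered:
            return cert
    return None


# Constructed server configuration: an EC certificate preferred first, an RSA
# certificate with a SHA-256 chain, and a legacy RSA certificate whose chain
# is still SHA-1 signed (the transition case mentioned in the thread).
SERVER_CERTS = (
    ServerCert("ec-p256", "ecdsa", ECDSA_SECP256R1_SHA256),
    ServerCert("rsa-sha256", "rsa", RSA_PKCS1_SHA256),
    ServerCert("rsa-sha1-legacy", "rsa", RSA_PKCS1_SHA1),
)

# Constructed client offers.
MODERN_CLIENT = [ECDSA_SECP256R1_SHA256, RSA_PSS_RSAE_SHA256, RSA_PKCS1_SHA256]
LEGACY_SHA1_CLIENT = [RSA_PKCS1_SHA1]
ED25519_ONLY_CLIENT = [ED25519]


def pick(client_schemes: Sequence[int]) -> Optional[str]:
    """Name of the selected certificate for a given client offer, or None."""
    chosen = select_certificate(client_schemes, SERVER_CERTS)
    return chosen.name if chosen else None


if __name__ == "__main__":
    for label, offer in (("modern", MODERN_CLIENT),
                         ("legacy SHA-1", LEGACY_SHA1_CLIENT),
                         ("Ed25519-only", ED25519_ONLY_CLIENT)):
        print(f"{label:13s} -> {pick(offer)}")
```

The order of SERVER_CERTS expresses the server's own preference; the client's list only filters. Running the script shows the modern client getting the EC certificate, the SHA-1-only client falling back to the legacy RSA certificate, and the Ed25519-only client getting nothing because no configured certificate matches.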
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop