On Sat, Jan 28, 2023 at 03:03:54PM +0200, Ilari Liusvaara wrote:
> On Sat, Jan 28, 2023 at 08:35:40AM +, John Mattsson wrote:
> > Thanks Ilari for that very fast and detailed answer. I a made a PR to
> > RFC8446bis to suggest adding “A node MAY use the same certificate as
> > both server and c
On Sat, Jan 28, 2023 at 08:35:40AM +, John Mattsson wrote:
> Thanks Ilari for that very fast and detailed answer. I a made a PR to
> RFC8446bis to suggest adding “A node MAY use the same certificate as
> both server and client certificate.”, I don’t know if there should be
> more restrictions.
the application layer where TLS is used for several application layer protocols.
Cheers,
John
From: TLS on behalf of Ilari Liusvaara
Date: Friday, 27 January 2023 at 19:53
To: tls@ietf.org
Subject: Re: [TLS] Security of using same cert for TLS client and server
On Fri, Jan 27, 2023 at 06:01
On Fri, Jan 27, 2023 at 06:01:04PM +, John Mattsson wrote:
> Hi,
>
> - Using the same signature key or PSK for TLS and another protocol is
> obviously unsecure in the worst case. But probably practically
> secure in many cases even if nobody has proved it.
Well, looking at the signatures:
Hi,
TLS WG went through a lot of work (RFC 9258) to make sure that PSKs only be
used with a single hash function. But as far as I can see the RFC8446(bis) does
not say anything about:
* Using the same cert for TLS client and TLS server
* Using the same public key cert for TLS and anoth
