Hi all! Apologies for the odd and potentially silly question. GSMA are working on future SIM specifications which use TLS and previously included the trusted_ca_keys to allow a client to inform a server which particular key(s) from a CA it is supporting. In TLS 1.3 the ‘trusted_ca_keys’ extension is no longer used. It does have the “certificate_authority” extension however, but it seems to only identify the CA organisation by its DistinguishedName. If the CA supports multiple keys – how can a client point a particular cert/key of that CA?*
Thanks and sorry for posting to the group! Natasha This email and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone; please reply to this email or call +44 207 356 0600 and highlight the error. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
