> Ideally, you'd want certificates to be able to have two signatures during
> the transition period, in order to support clients who have transitioned and
> those who have not.

> Hosting multiple certificates and switching based on the client is feasible,
> but requires some technical wizardry and isn't possible in all situations.

For my understanding, why is the former (double-signed certs, where either 
signature is trusted) better than the latter (multiple certs with different 
algorithms)?
The latter is currently supported by some TLS servers.

Cheers,

Andrei

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
