On Fri, Dec 15, 2017 at 07:25:20PM +0000, Andrei Popov wrote:
> > Ideally, you'd want certificates to be able to have two signatures during
> > the transition period, in order to support clients who have transitioned and
> > those who have not.
> 
> > Hosting multiple certificates and switching based on the client is feasible,
> > but requires some technical wizardry and isn't possible in all situations.
> 
> For my understanding, why is the former (double-signed certs, where either
> signature is trusted) better than the latter (multiple certs with different
> algorithms)? The latter is currently supported by some TLS servers.

Because the latter is only supported by some TLS servers.

And even if the TLS server nominally supports multiple certificates,
there may be other issues. E.g., OCSP stapling does not work correctly
with multiple certificates.
-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls