On Sat, Jul 20, 2024, 06:13 Mike Shaver <mike.sha...@gmail.com> wrote:
> > > On Sat, Jul 20, 2024 at 8:59 AM Ilari Liusvaara <ilariliusva...@welho.com> > wrote: > >> Allowing various embedded and IoT stuff to migrate off of WebPKI would >> be of immense value. Such stuff using WebPKI has been source of gigantic >> amount of pain. > > > I agree with your second sentence very much, but I don’t understand your > first one. In what way are these non-web systems not allowed to use other > PKI models today? How would trust anchors provide that permission? > > Mike > If the same server serves both embedded/IoT traffic and web browser traffic, but we aim for the two to use different PKIs, the server needs to arrange to serve different certificates to each. To do that, we need trust anchor negotiation story. David _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-le...@ietf.org >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
