Author: Kevin Chadwick Date: To: dng Subject: Re: [DNG] OpenSSL, BoringSSL, LibreSSL and TLS protocol
On 27/09/2024 13:35, Martin Steigerwald wrote: > However I did not look into how and to what extent TLS 1.3 and PQC are
> simpler than TLS 1.2.
>
TLS 1.3 reduces the cryptography options quite drastically. It's possible post
quantum crypto will complicate that again though. Hopefully not too much.
> And I do not really agree to top-down centrally managed trust
> relationships.
Agreed and this adds to the potential of certificate handling vulnerabilities.
OpenSSH certificate handling is much simpler.