Hot on the heels of our work with dual algorithm certificates in TLS 1.3, it is now time to announce that we are going to be working on chameleon certificates! No, we are not talking about certified colour-shifting lizards!
Chameleon certificates are specified in the IETF draft.
While it might seem like a long document, most of it is a listing of test vectors, and the text is quite accessible, even for non-technical readers. That said, if you are looking for a summary of what these certificates do, read on.
The draft RFC defines an X.509 certificate extension for specifying how to overwrite certain fields of the certificate that contains it to transform that certificate into another certificate. Essentially this means you have 2 certificates in one!
So how does this relate to dual algorithm certificates? Well, it can serve the same function as a dual algorithm certificate. It can allow 2 algorithms to sign the same certificate! It is a new way to do hybrid certificates.
Want to learn more or have questions about any of the above? Send us a message at facts@wolfssl.com or call us at +1 425 245 8247.