On Thu, May 15, 2025 at 04:46:43PM +0200, Hannes Reinecke wrote:
> With this patch the keyring is pretty much immaterial; the interface
> is passing in a serial number which is unique across all keyrings.
> Where the keyring comes in when looking up keys on the TLS server,
> as there the TLS client hello only transports the key description
> (which are not required to be unique across all keyrings).
> So there we'll need the keyring to be specified.
> But for the client we really don't.

Yes. Patch 1 on its own actually works fine-ish. The big difference
is that the keys would have to be made user-readable as without the
keyring, tlshd would not be the possessor of the key.