On Fri, Jun 6, 2025 at 1:18 PM Nico Williams <nico@cryptonector.com> wrote:
> However no one will be using a discrete or firmware TPM for TLS server
> certificate private key usage: discrete TPMs are way way too slow for
> that, and firmware TPMs are... also way too slow. You wouldn't bother
> with a software TPM for this unless it's for privilege separation.

There are other cryptographic things users could be doing on the
server side, too, via extensions, or even other library dependencies
that themselves rely on OpenSSL.

But in any case, what you've written seems reasonable to me, and I
don't have any reason to gum up the works, so I'll pipe down. (I've
asked around internally to see if there are any concerns, too; I'm
happy to share if I find anything.)

Thanks!
--Jacob