Hi Ana, >Well, you could go for the usage of the Hash and URL CERT. In case of >CRL, probably OCSP could be more suitable. Or, carefully chosen >certificate lifetimes could reduce the size of revocation lists. But >again, what is then the advantage of this approach?
Imho, in CGA, the hosts already have a pair of public/privat keys. Now that the key pair is may provide protection for the negotiation messages. I think that it will let the negotiation more simple. Is is right? Thank you. 2009-06-11 Dong Zhang
_______________________________________________ CGA-EXT mailing list [email protected] https://www.ietf.org/mailman/listinfo/cga-ext
