Re: [TLS] Comments on draft-celi-wiggers-tls-authkem-00.txt

2021-07-22 Thread Blumenthal, Uri - 0553 - MITLL
>>> - can cache or fetch the peer public keys in order to do KEMTLS
>> I did not say that. As far as I can tell now, there's no way to fetch
> (outside/OOB of this protocol) peer's pub keys or certs.
>
> draft-ietf-tls-esni does it with DNS HTTPS RRs, but indeed it would
> require new

Re: [TLS] WGLC for draft-ietf-tls-flags

2021-07-22 Thread Viktor Dukhovni
On Fri, Jul 16, 2021 at 04:55:49PM -0700, Christopher Wood wrote:

> This is the second working group last call for the "A Flags Extension for TLS
> 1.3" draft, available here:
>
> https://datatracker.ietf.org/doc/draft-ietf-tls-tlsflags/
>
> Please review this document and send your comment

Re: [TLS] Comments on draft-celi-wiggers-tls-authkem-00.txt

2021-07-22 Thread Kampanakis, Panos
Thx. Understood.

>> - can cache or fetch the peer public keys in order to do KEMTLS
> I did not say that. As far as I can tell now, there's no way to fetch
> (outside/OOB of this protocol) peer's pub keys or certs.

draft-ietf-tls-esni does it with DNS HTTPS RRs, but indeed it would require new

Re: [TLS] Comments on draft-celi-wiggers-tls-authkem-00.txt

2021-07-22 Thread Blumenthal, Uri - 0553 - MITLL
On Jul 22, 2021, at 00:46, Kampanakis, Panos wrote:

>
> Hi Uri,
>
> Thank you for the clarifications.
>
> So you have a use case that
> - want to use PQ algorithms
> - is significantly affected by an extra 1-2 or 4-5KB on the link
> - does not send a cert chain, only leaf certs

Yes.

> - ca