On 07/15/2016 12:34 PM, Andrei Popov wrote: >> The I-D actually covers this. > Understood; the I-D lists a few cons, but arguably none of them are blocking > issues. It seems unnecessary to create a new TLS-specific mechanism that > duplicates existing PKI semantics. >
I think the main justification is supposed to be that there's a big impedance mismatch between the engineering reality of interacting with PKI CAs and the engineering demands seen in the field. -Ben _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls