But I think the problem is that there is no TLS alert for “revocation status inaccessible”.
Best, Xiaoyin From: Salz, Rich<mailto:rs...@akamai.com> Sent: Monday, October 24, 2016 2:15 PM To: Ryan Carboni<mailto:rya...@gmail.com>; tls@ietf.org<mailto:tls@ietf.org> Subject: Re: [TLS] How should inability to access key revocation lists impact the TLS handshake? > How should inability to access key revocation lists impact the TLS handshake, > if previous public keys and/or certificate hashes are not cached? Nobody does revocation on the web, for some almost all encompassing definition of nobody. Instead, OCSP and OCSP stapling. > I cannot see this in the standard. Considering that all one has to do is DDOS > a certificate authority nowadays... General PKI and key lifecycle issues are, properly, not part of the TLS spec. /r$ _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls