On 4/24/17 7:39 AM, Hannes Tschofenig wrote:
>> There is an enormous amount of red tape obtaining intermediates, even
>> technically constrained ones. And as a consequence, it is enormously
>> expensive (though not nearly as expensive as public CA).
> In essence you are doing this through the extension as well just using a
> different format.

In some sense the proposal is about having a trusted issuer who's not included in public trust stores, which is a reasonable goal (there's a fantastic amount of work, including external audits, in having your intermediate included in browser trust stores, etc.). We haven't had a good delegation story since, like, ever, but now there's a somewhat compelling use case (CDNs) that needs attention and will benefit from a solution.

Melinda
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls