> I would love to get feedback from the working group on whether the draft is worth developing further.

I read your document [1] and found it very interesting. I found the handling of extensions complicated, although I admit to reading that part very quickly. How much simpler would things be if the identifier were just a SHA256 hash of the CA, perhaps truncated? You send an array of (url, timestamp) as an extension, and then the server just sends the digest of its cert chain, perhaps even its own cert.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls