On Wednesday, 12 July 2023 06:02:09 CEST, Kampanakis, Panos wrote:
Hi Dennis,
One more topic for general discussion.
The abridged certs draft requires a server who participates and
fetches dictionaries in order to make client connections faster.
As Bas has pointed out before, this paradigm did not work well
with OCSP staples in the past. Servers did not choose to actively
participate and go fetch them.
The problem with OCSP staples is that it has little immediate benefit for the
server operator, so there was no strong push to:
1. get it implemented in the TLS libraries
2. have it implemented in the web servers
3. backport those changes to stable branches (of both libraries and web servers)
4. either rebase or backport the changes to long-term support Linux distributions
It takes years for such changes to trickle down.
--
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic