> > If you are going to do this, you might as well go the whole hog and
> > provide a mechanism that allows the client to say if it already has a cert
> > on file for that particular host, e.g. by means of a digest.
If clients cache intermediates as they go, then reporting that list to a server is an obvious privacy issue. When you restrict to a fixed set, updated in unison, we essentially return to Dennis' proposal.

Best,

Bas
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
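The privacy point in the reply above can be made concrete with a small simulation. The following is an added example, not code from the thread or from any TLS implementation: it uses constructed byte strings as stand-ins for DER-encoded intermediates and a constructed table of which (hypothetical) sites use which intermediate. It contrasts a client that caches intermediates "as it goes" and reports the digests it holds with a client that only reports the version of a fixed, centrally updated set. The per-client digest list differs between clients with different browsing histories, and a server can work backwards from it to the sites the client has plausibly visited; the fixed-set report is identical for every client on the same version.

```python
import hashlib

# Constructed stand-ins for DER-encoded intermediate CA certificates.
# A real client would digest the actual DER bytes seen in the handshake.
INTERMEDIATES = {
    "intA": b"constructed-der:intermediate-A",
    "intB": b"constructed-der:intermediate-B",
    "intC": b"constructed-der:intermediate-C",
    "intD": b"constructed-der:intermediate-D",
}

# Constructed mapping of hypothetical sites to the intermediates in their chains.
SITE_CHAINS = {
    "shop.example": ["intA"],
    "bank.example": ["intB"],
    "news.example": ["intA", "intC"],
    "forum.example": ["intD"],
}


def cert_digest(der: bytes) -> str:
    """Digest a client would use to identify a cached certificate."""
    return hashlib.sha256(der).hexdigest()


class CachingClient:
    """Client that caches intermediates as it encounters them ('as they go')."""

    def __init__(self):
        self.cache = {}

    def visit(self, site: str) -> None:
        for name in SITE_CHAINS[site]:
            der = INTERMEDIATES[name]
            self.cache[cert_digest(der)] = der

    def report_cached_digests(self) -> tuple:
        """What a 'tell the server which certs you already have' extension would send."""
        return tuple(sorted(self.cache))


def fixed_set_report(set_version: str) -> str:
    """Under a fixed set updated in unison, every client on a version sends the same token."""
    return set_version


def simulate_as_they_go(histories):
    """Build one caching client per browsing history and collect what each would report."""
    reports = []
    for history in histories:
        client = CachingClient()
        for site in history:
            client.visit(site)
        reports.append(client.report_cached_digests())
    return reports


def simulate_fixed_set(histories, set_version: str = "intermediates-v1"):
    return [fixed_set_report(set_version) for _ in histories]


def distinct_reports(reports) -> int:
    """How many distinguishable values the server sees across clients."""
    return len(set(reports))


def infer_visited_sites(report) -> set:
    """Server-side inference: sites whose whole chain is covered by the reported digests.

    This is what makes the per-client list a privacy problem: the cache contents
    are a function of browsing history, so the report leaks that history.
    """
    held = set(report)
    return {
        site
        for site, names in SITE_CHAINS.items()
        if all(cert_digest(INTERMEDIATES[n]) in held for n in names)
    }


# Constructed browsing histories for three clients.
HISTORIES = [
    ["shop.example", "bank.example"],
    ["news.example"],
    ["forum.example", "shop.example"],
]

if __name__ == "__main__":
    per_client = simulate_as_they_go(HISTORIES)
    print("as-they-go distinct reports:", distinct_reports(per_client))   # 3
    print("fixed-set distinct reports:", distinct_reports(simulate_fixed_set(HISTORIES)))  # 1
    for report in per_client:
        print("server infers:", sorted(infer_visited_sites(report)))
```

With three clients of differing history the per-client lists are all distinct, so the server can tell the clients apart and recover the sites consistent with each cache; the fixed-set variant collapses every client to the same single value, which is the property that brings it back to the earlier proposal.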