On 10/10/2023 17:53, Russ Housley wrote:
> Dennis:
> If we are going to allow a certificate to include pointers to
> externally stored public keys, I think a solution that works for the
> Web PKI and other PKI environment as well.

I'm trying to understand the use case of certificates with pointers to
externally stored public keys. What's the value in splitting these
objects? If you're going to cache a public key, why not cache the whole
certificate?

The suggestion of Abridged Certs is just one way to do that caching. If
the external fetching via URL is the key feature - you could define a
certificate compression scheme which compresses and decompresses a
certificate to a URL.

I skimmed the LAMPS list as well, but I did not see any discussion of
the rationale there.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls