Looks like a slippery slope to me. Hang on, I will get my skis.
If you are going to do this, you might as well go the whole hog and provide
a mechanism that allows the client to say if it already has a cert on file
for that particular host, e.g. by means of a digest.
Another approach to consider
Hi Simon,
On Sat, 12 Aug 2023 at 16:00, Simon Mangel wrote:
> Note: We have already found an adaption for TLS 1.3 in academic work
> [Schwabe2021], where instead of caching the whole chain, each
> certificate is cached separately.
> This however leads to inconsistent signaling, as there is no
> d
Hi Simon,
Can you expand more on the intended use case? When would it make sense
to use an RFC7924-like mechanism over TLS 1.3's session resumption?
I skimmed RFC 7924 and session resumption seems strictly better as it's
already widely deployed, allows for the DH handshake to be optionally
el