Thanks Tim, noted for a future editing round:
https://github.com/EntrustCorporation/draft-pq-external-pubkeys/issues/2
Panos,
I agree; the public key(s) in the cert(s) is only a subset of the TLS bandwidth
problem.
In the original 2021 version of this I-D, we had also considered externalizing
When considering caching large public keys for TLS (or other protocols), please
make sure the security considerations section carefully considers whether the
proposed mechanism leaks information about whether the client has previously
contacted the server and possibly how recently, etc.
-T
