Re: [TLS] Asking for certificate authentication when doing 0-RTT

2016-05-25 Thread Benjamin Kaduk
On 05/24/2016 11:18 PM, Martin Thomson wrote:
> On 24 May 2016 at 19:06, Kyle Nekritz wrote:
>> What is the rationale for restricting a change in certificate? If the server
>> has a new certificate that the client would accept with a full handshake,
>> what threat is added by also accepting that

Re: [TLS] Asking for certificate authentication when doing 0-RTT

2016-05-25 Thread Martin Thomson
I think that there are four levels of continuity that make sense here:

1. None. Anything can change.
2. Server name. I.e. SNI stays constant.
3. Public key (and SNI) stays constant.
4. The certificate stays the same.

The use case of short-lived certs is served by 2. 3 might also work. I think tha
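The four continuity levels above, turned into a concrete client-side check. This is an added example, not code from the thread or from any TLS implementation: a resuming client compares the SNI and certificate it remembers from the original session against what the server presents now, classifies the result, and accepts early data only if the observed continuity meets a configured policy level. The level names, the `Accept0RTT` rule and the self-signed test certificates are all assumptions made for the demo; `x509.Certificate.Raw` and `RawSubjectPublicKeyInfo` are the standard library's DER views, which is what makes levels 3 and 4 a byte comparison.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ContinuityLevel mirrors the four levels listed in the thread (assumed naming).
type ContinuityLevel int

const (
	LevelNone        ContinuityLevel = iota + 1 // 1. anything can change
	LevelServerName                             // 2. SNI stays constant
	LevelPublicKey                              // 3. public key (and SNI) stay constant
	LevelCertificate                            // 4. the certificate stays the same
)

// Continuity reports the strongest level that holds between the (SNI, certificate)
// the client remembers from the session being resumed and the one presented now.
// Each stronger level implies the weaker ones, so the checks are ordered.
func Continuity(savedSNI string, saved *x509.Certificate, curSNI string, cur *x509.Certificate) ContinuityLevel {
	if savedSNI != curSNI {
		return LevelNone
	}
	if bytes.Equal(saved.Raw, cur.Raw) { // identical DER: level 4
		return LevelCertificate
	}
	if bytes.Equal(saved.RawSubjectPublicKeyInfo, cur.RawSubjectPublicKeyInfo) { // same SPKI: level 3
		return LevelPublicKey
	}
	return LevelServerName // same name, new key: a rotated cert with fresh key
}

// Accept0RTT is the assumed client policy: send/accept early data only if the
// observed continuity is at least the configured minimum.
func Accept0RTT(minimum, observed ContinuityLevel) bool { return observed >= minimum }

// selfSigned builds a throwaway certificate for example.com (constructed demo data).
func selfSigned(key *ecdsa.PrivateKey, serial int64, notBefore time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: "example.com"},
		DNSNames:     []string{"example.com"},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(24 * time.Hour), // short-lived, as in the use case
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Demo runs the three rotation scenarios and returns the level observed in each:
// the server re-presents the saved cert, a reissued short-lived cert on the same key,
// and a cert on a brand-new key.
func Demo() (sameCert, rotatedCert, newKey ContinuityLevel, err error) {
	key1, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return 0, 0, 0, err
	}
	key2, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return 0, 0, 0, err
	}
	t0 := time.Now()
	saved, err := selfSigned(key1, 1, t0)
	if err != nil {
		return 0, 0, 0, err
	}
	reissued, err := selfSigned(key1, 2, t0.Add(12*time.Hour)) // same key, new cert
	if err != nil {
		return 0, 0, 0, err
	}
	rekeyed, err := selfSigned(key2, 3, t0.Add(12*time.Hour)) // new key
	if err != nil {
		return 0, 0, 0, err
	}
	sameCert = Continuity("example.com", saved, "example.com", saved)
	rotatedCert = Continuity("example.com", saved, "example.com", reissued)
	newKey = Continuity("example.com", saved, "example.com", rekeyed)
	return sameCert, rotatedCert, newKey, nil
}

func main() {
	a, b, c, err := Demo()
	if err != nil {
		panic(err)
	}
	for _, lvl := range []ContinuityLevel{a, b, c} {
		fmt.Printf("observed level %d: accept 0-RTT under level-2 policy? %v; under level-3? %v\n",
			lvl, Accept0RTT(LevelServerName, lvl), Accept0RTT(LevelPublicKey, lvl))
	}
}
```

With the policy set to level 2, the reissued short-lived certificate and even a re-keyed one are accepted for 0-RTT; at level 3 the re-keyed server is refused early data and must go through a full handshake, which is the trade-off the thread is weighing.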