Hi David,
Interesting idea. Seems like a radical, hard change but I want to understand it
better. Some clarifications:
- Previously, in the ICA suppression draft you had correctly brought up the
challenge of keeping an up-to-date ICA cache while most browsers are not up to
date. The Merkle tre
Hi Hubert,
I am not an author of draft-davidben-tls-merkle-tree-certs, but I had some
feedback on this question:
RFC7924 was a good idea but I don’t think it got deployed. It has the
disadvantage that it allows for connection correlation and it is also
challenging to demand a client to eithe
Come embrace the temptations of the Sea-SIDH!
Intermediate certs are rarely used, so that would achieve 204 byte sig
on intermediate+ 64 byte intermediate key + 204 byte sig of EE cert
since the signing time doesn't matter. Then with SCT and OCSP, it's
204 bytes each.
As for the actual proposal,
