On Fri, Jul 15, 2016 at 05:34:40PM +0000, Andrei Popov wrote:
> > The I-D actually covers this.
> Understood; the I-D lists a few cons, but arguably none of them are
> blocking issues. It seems unnecessary to create a new TLS-specific
> mechanism that duplicates existing PKI semantics.

IMO, the draft severely understates the cons. Basically, NC certs aren't feasible except for the bigger shops that can afford the $$$ and the difficulty needed.

Also, it doesn't look like the semantics are complicated. E.g., one can completely skip revocation by making things short-lived (because revocation on short timescales simply does not work anyway).

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls