On Sat, Mar 06, 2021 at 01:21:14AM -0500, Viktor Dukhovni wrote:
> I suspect that in at least some cases the motivation to revalidate the
> server certificate is only requested because it could be done in
> principle, and ticks some checkbox about using CRLs, because they
> exist, rather than from a clear threat this addresses.

I agree. There's no need.

> However, it is possible that there actually exist use-cases where this
> makes some sense, and in that case, if connection lifetimes would otherwise
> last unacceptably long, make a new connection, and close the old (in
> some appropriate order).

Yeah, but then, in 2021 BGP still depends on long-lived connections...