The WebPKI has a few features that enable this, which other PKIs really should consider adopting. It's one of the few fully transparent PKIs I'm currently aware of, where all of the intermediate and root CAs, and most of the end entity certificates are publicly known and available.
For those reasons, doing this for the WebPKI first and expanding outward from there makes a lot of sense. I support adoption as well.

-Tim

> -----Original Message-----
> From: TLS <tls-boun...@ietf.org> On Behalf Of Stephen Farrell
> Sent: Tuesday, August 1, 2023 5:18 PM
> To: Christopher Wood <c...@heapingbits.net>; TLS@ietf.org
> Subject: Re: [TLS] Adoption call for draft-jackson-tls-cert-abridge
>
> Hiya,
>
> I saw the presentation and scanned the draft and support adoption on the basis that this could be useful before any certificates using PQC algorithms are in play so the target of an experimental RFC is fine, even more so as I could imagine details/codepoints changing over time as new better compressions are found.
>
> I could see this also being a valuable input to work that aims to evolve PKI in the face of a potential CRQC but I think it'd be premature to adopt on that basis alone as that overall topic needs broader consideration (best done IMO in a year or two and not now). In any case, I guess the CCADB doesn't and won't have entries using PQC algs for some time, and they might decide to handle things in some other way themselves so I'm not sure adopting this as a PQ scheme now actually makes sense.
>
> IIUC it's also a bit of a pity that this'd be formally limited to the WebPKI, being based on the CCADB. I guess handling the pretense that nobody uses letsencrypt for smtp/tls is probably better handled as part of another discussion elsewhere. (One worth having though.)
>
> Cheers,
> S.
>
> On 01/08/2023 20:35, Christopher Wood wrote:
> > Hi all,
> >
> > Based on positive feedback received during IETF 117, this email begins an adoption call for "Abridged Compression for WebPKI Certificates" (draft-jackson-tls-cert-abridge).
> >
> > The datatracker page for this document can be found here:
> > https://datatracker.ietf.org/doc/draft-jackson-tls-cert-abridge/
> >
> > And the GitHub repository can be found here:
> > https://github.com/dennisjackson/draft-jackson-tls-cert-abridge
> >
> > Please indicate whether or not you support adoption of this document in its current state. Procedure questions raised during the WG meeting last week can be ironed out in the event of this item being adopted.
> >
> > This call for adoption will conclude on August 16.
> >
> > Thanks,
> > Chris, for the chairs
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls