Dennis:

>> If we are going to allow a certificate to include pointers to externally
>> stored public keys, I think a solution that works for the Web PKI and other
>> PKI environment as well.
>
> I'm trying to understand the use case of certificates with pointers to
> externally stored public keys. What's the value in splitting these objects?
> If you're going to cache a public key, why not cache the whole certificate?
>
> The suggestion of Abridged Certs is just one way to do that caching. If the
> external fetching via URL is the key feature - you could define a certificate
> compression scheme which compresses and decompresses a certificate to a URL.
>
> I skimmed the LAMPS list as well, but I did not see any discussion of the
> rationale there.

This has not yet been discussed on the LAMPS mail list, thus there is no
consensus that this is a good idea,

Russ

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls