It is true that a certificate is not needed; however, in the cases that we are looking at - cross-organization requests - it will be more likely to want to include it than not. Otherwise you have a much harder problem of supporting referring to and fetching the certificate in order to validate the signature. That said, I would hope that it would be possible to not do any signatures at all. I just don't know that it is realistic to require that the signature be omitted.

jim

> -----Original Message-----
> From: Cantor, Scott [mailto:[email protected]]
> Sent: Monday, February 11, 2013 7:13 AM
> To: Jim Schaad; 'Alejandro Perez Mendez'; 'Sam Hartman'
> Cc: [email protected]; [email protected]
> Subject: Re: [abfab] Fwd: New Version Notification for draft-perez-radext-radius-fragmentation-05.txt
>
> On 2/11/13 9:39 AM, "Jim Schaad" <[email protected]> wrote:
>
> >I just created a really simple one, and it was less than 1K in size.
> >However, this assumes that it is not signed. If you sign it then it
> >will quickly jump in size as you are going to be looking at having a
> >certificate and a signature included in the message which will likely
> >be greater than 4K.
>
> You don't have to include a certificate to sign a message, though.
>
> Not that it isn't large anyway, but it's not impossible to stay under 4k even
> when signing.
>
> -- Scott

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
