On Tue, Nov 8, 2016 at 12:53 AM, Kurt Roeckx <[email protected]> wrote:
> On 2016-11-07 18:25, Ryan Sleevi wrote:
>>
>> This is why it's vitally important that clients fetch inclusion proofs in
>> some manner
>
>
> Have you considered a TLS extension, have the server fetch them and send to
> the client?

Yes, but the client still has to fetch proofs (this would be from STH-server to STH-client or from STH-server-A to STH-server-B) and much of the data would be duplicative (because it's a Merkle tree). It would also have to be continually updated by the servers.

And of course, the simplest reason of all, which is that if it relies on server change, it won't happen.

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

