Tschofenig, Hannes (NSN - FI/Espoo) wrote: > Ask yourself: Is there indeed a problem with transferring the “long” > public keys (of the client, as you state below)?
I've seen this be a problem when the long keys require too many round trips. ~20K of data, or ~20 round trips is about the limit. One way to optimize this is to *not* send the certificates on every authentication. All implementations I've seen currently exchange all of the certs, including any CA chain. But I'm not sure that this is required. Sending only client/server cert would minimize the number of round trips. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu