TLS 1.3 also changes which of the certificates that can be omitted. TLS 1.2 (and earlier) only allows omitting the self-signed root certificate while TLS 1.3 allows omitting any trust anchor certificate. This would be useful in cases where the possessed trust anchors are known.
TLS 1.2: "the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case." TLS 1.3: "a certificate that specifies a trust anchor MAY be omitted from the chain, provided that supported peers are known to possess any omitted certificates." RFC 7924 seems useful, but only shortens the server’s certificate list. To shorten the client’s certificate list, the cached information extension would have to be sent in the CertificateRequest from the server. As far as I can understand, this is not allowed in TLS 1.3. It should probably be added.
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu