On 26 August 2015 at 14:11, Joseph Salowey <[email protected]> wrote:
> "Because certificate validation requires that trust anchors be distributed
> independently, a self-signed certificate that specifies a trust anchor MAY
> be omitted from the chain, provided that supported peers are known to
> possess any omitted certificates they may require."

I always thought that the primary reason for omitting a certificate was that you had a good reason to expect that clients had the certificate already. Whether the certificate is self-signed seems like a poor proxy for that.
