On Thu, Feb 26, 2015 at 03:37:04PM -0500, Stephen Kent wrote:
> Ben,
>
> >My thinking is that:
> >
> >1. There is concern, generally, about the size of certificates (really
> >about the size of handshakes).
> That concern varies a lot, depending on context. I don't agree that this
> is a universal, major concern. Look at JSON; its use of XML encoding
> suggests no concern about bloat in a web context.

This isn't a *web* context, though; it's a TLS session establishment
context. Bloating the handshake so as to require an additional round trip
increases session establishment time, which degrades user experience --
something which is generally considered a bad thing.

> >3. Embedding SCTs in certs runs the risk that the SCTs will become invalid
> >before the cert does.
>
> Until we have a precise description of how a client will deal with an
> invalid SCT, we can't really evaluate the implications of this potential
> mismatch. Also, what causes an SCT to become invalid?

An SCT becomes invalid when the log which issued it ceases to be trusted by
the browser.

- Matt
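
The mismatch raised in point 3, worked through as an added example that is not part of the original thread: it computes the period during which a certificate is still inside its validity dates but too few of its embedded SCTs remain valid, using the rule stated above (an SCT is invalid once its log is no longer trusted). The log names, dates and the minimum SCT count are constructed assumptions, as is the simplification that a log is never re-trusted.

```python
from datetime import date

def valid_scts(sct_logs, distrusted_on, when):
    """Embedded SCTs whose issuing log the client still trusts on `when`."""
    return [log for log in sct_logs
            if log not in distrusted_on or when < distrusted_on[log]]

def mismatch_window(not_before, not_after, sct_logs, distrusted_on, min_scts):
    """Return (start, end) of the period in which the certificate is within
    its validity dates but has fewer than `min_scts` valid embedded SCTs,
    or None if that never happens. Assumes one SCT per distinct log."""
    # Dates on which this certificate loses an SCT, earliest first.
    drops = sorted(distrusted_on[l] for l in sct_logs if l in distrusted_on)
    # How many SCTs must be lost before the count falls below the minimum.
    lose = len(sct_logs) - min_scts + 1
    if lose <= 0:                      # too few SCTs from the start
        start = not_before
    elif lose <= len(drops):           # enough logs were distrusted
        start = max(drops[lose - 1], not_before)
    else:
        return None
    return (start, not_after) if start <= not_after else None

# Constructed sample data (not from the thread).
NOT_BEFORE, NOT_AFTER = date(2015, 3, 1), date(2018, 3, 1)
SCT_LOGS = ["log-A", "log-B", "log-C"]           # logs that issued the SCTs
DISTRUSTED = {"log-A": date(2016, 6, 1),         # client stops trusting log
              "log-C": date(2017, 1, 15)}
MIN_SCTS = 2                                     # assumed client policy

if __name__ == "__main__":
    print(valid_scts(SCT_LOGS, DISTRUSTED, date(2016, 12, 31)))
    print(mismatch_window(NOT_BEFORE, NOT_AFTER, SCT_LOGS, DISTRUSTED, MIN_SCTS))
```
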
