On 10/02/2020 19:56, Eric Rescorla wrote: > https://blog.mozilla.org/security/2020/01/21/crlite-part-3-speeding-up-secure-browsing/ Nice! Hope the experiment goes well as it seems a good-looking idea. Bit of a pity this mechanism also pushes towards more centralisation, (IIUC). But on balance, that's not a huge deal, the Mozilla version of this being part of the already-centralised (via browser-makers/root store operators) webpki. Anyway overall I take this as more evidence that x.509-based pki has outlived it's useful lifetime. Given the webpki needs CT (which it totally does) and now maybe novel revocation mechanisms like this, (as well as soon-to-be PQ schemes if we believe what people tell us), I'd argue it may well be time to try see if there's any consensus on a post-x.509 direction towards which to head. Cheers, S.
Attachment:
0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
