
One possible TLS change that isn't mentioned here:

Initially just send a hash of the intermediate signature. The client would keep a cache of intermediate certificates, and if it didn't already have the cert in its cache, then request the full signed intermediate cert.

The downside for that is that you have to maintain a cache, which would be difficult for some non-browser applications.
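The cache-then-fetch flow proposed in the comment above, as an added sketch that is not part of the original comment or of any TLS specification. It assumes the hash is SHA-256 over the intermediate's encoded bytes; `IntermediateCache`, `resolve` and `fetch_full` are hypothetical names, and the certificate bytes are a constructed stand-in rather than real DER.

```python
import hashlib

def cert_id(der: bytes) -> str:
    """Identifier the server would send first (assumed: SHA-256 of the cert bytes)."""
    return hashlib.sha256(der).hexdigest()

class IntermediateCache:
    """Client-side cache of intermediates, keyed by their hash."""
    def __init__(self):
        self._certs = {}

    def resolve(self, advertised: str, fetch_full):
        """Return (cert_bytes, source); fetch_full runs only on a cache miss."""
        der = self._certs.get(advertised)
        if der is not None:
            return der, "cache"
        der = fetch_full(advertised)
        # The fetched bytes must hash to the advertised value before they are
        # cached; otherwise a peer could plant a different cert under this key.
        if cert_id(der) != advertised:
            raise ValueError("fetched intermediate does not match advertised hash")
        self._certs[advertised] = der
        # The hash only identifies the cert: normal chain validation
        # (signatures, validity, constraints) still has to run on `der`.
        return der, "fetched"

# Constructed stand-in for a DER-encoded intermediate certificate.
SAMPLE_INTERMEDIATE = b"constructed bytes standing in for an intermediate cert"

def run_handshakes():
    """Two handshakes against the same server: miss, then hit."""
    cache, fetches = IntermediateCache(), []
    def fetch_full(h):
        fetches.append(h)
        return SAMPLE_INTERMEDIATE
    advertised = cert_id(SAMPLE_INTERMEDIATE)
    first = cache.resolve(advertised, fetch_full)[1]
    second = cache.resolve(advertised, fetch_full)[1]
    return first, second, len(fetches)

def tampered_fetch_rejected():
    """A full cert that does not match the advertised hash is refused."""
    cache = IntermediateCache()
    try:
        cache.resolve(cert_id(SAMPLE_INTERMEDIATE), lambda h: b"different bytes")
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print(run_handshakes(), tampered_fetch_rejected())
```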



That’s the first TLS change suggestion, under the “Intermediate elision” heading.


Not quite, that is described as using transparency logs to distribute the intermediate certs. Not optionally passed inline.


Wait, are we talking about removing OCSP stapling from TLS?



