Hi Steve,

thanks for the comments. I see there is no interest from the list about this issue -- so I do not think I will invest time and effort in it. I am a bit surprised about the fact that people are not interested, but I will adapt. Maybe I'll just add the extension to our software and as a browser extension.. :D

Later,
Max

On 11/20/2009 04:50 PM, Stephen Kent wrote:
Max, I could imagine a brief document that suggests that a client who wishes to obscure the ID of the cert of interest can make requests for multiple certs, or that the client just use CRLs. I do worry that a client might not know valid serial numbers for other certs from the CA in question and, as a result, might have a hard time producing queries that were consistent in this regard. In any case, I am not enthusiastic about any changes to the base protocol, as opposed to guidance on how to use the protocol in a more privacy-preserving fashion.
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.