[TLS] Antwort: Re: Verifying X.509 Certificate Chains out of order

To: tls at ietf.org
Subject: [TLS] Antwort: Re: Verifying X.509 Certificate Chains out of order
From: Axel.Heider at gi-de.com
Date: Wed, 8 Oct 2008 15:13:12 +0200
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <E1KnBcw-0000hC-1u at wintermute01.cs.auckland.ac.nz>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Sender: tls-bounces at ietf.org

Peter,

> Again, how can you create an implementation that can run the entire SSL
> protocol but can't manage a few 32-bit pointers across three or four 
certs?
> This seems like a total red herring, it's difficult to think of an
> implementation that can perform the necessary cert verification but 
somehow
> can't manage an extra pointer swap.

It's not the pointers, but the certificates that need to be stored 
temporary, too. If you sum all this little things that could be 
allowed at the cost of just some more memory, using TLS for low end 
devices becomes harder and harder - and less interesting despite it
beeing a well known standard that people really trust in.


regards,
Axel Heider
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

References:
- Re: [TLS] Verifying X.509 Certificate Chains out of order
  - From: Peter Gutmann

Prev by Date: Re: [TLS] Verifying X.509 Certificate Chains out of order
Next by Date: [TLS] W3C Content Transformation Proxies guidelines and security
Previous by thread: Re: [TLS] Verifying X.509 Certificate Chains out of order
Next by thread: Re: [TLS] Verifying X.509 Certificate Chains out of order
Index(es):
- Date
- Thread

[TLS] Antwort: Re: Verifying X.509 Certificate Chains out of order

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.