[Cryptography] [messaging] Gossip doesn't save Certificate Transparency

Jerry Leichter leichter at lrw.com
Wed Oct 15 18:32:21 EDT 2014


On Oct 14, 2014, at 8:46 PM, Bill Frantz <frantz at pwpconsult.com> wrote:
>>> * We can't even ship a complete list of revoked keys in our CRLSets,
>>> for size reasons — forget about pins for all sites.
>> Why?  I did the calculation in my original posting.  You can cover the top 100,000 sites in 30MB.  That's the size of a couple of image files used to make the browser demos look nice.
> 
> Here I'm sitting, using my phone for Internet with a 2 gig limit before the charges start coming in. I avoid 30MB downloads like the plague.
a)  Deltas will be tiny.  How often does a site need to change its keys?
b)  You never connect to WiFi?  Just how up-to-the-minute do you need your list of keys to be?

> At home, with "unlimited" (i.e. how much bandwidth does DSL have anyway), I would feel differently. I also have friends with only dialup, and they will indeed feel very differently from me.
What modern web sites are they looking at over dialup?

At some point, one has to move on and stop supporting IE6 :-).  Should we also worry about people still using 2400 baud modems?

                                                        -- Jerry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141015/e96713e4/attachment.bin>


More information about the cryptography mailing list