<div dir="ltr"><p style="box-sizing:inherit;margin:0px;padding:0px;border:0px;font-size:16px;vertical-align:baseline;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;line-height:1.5;color:rgba(0,0,0,0.9);font-family:-apple-system,system-ui,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue","Fira Sans",Ubuntu,Oxygen,"Oxygen Sans",Cantarell,"Droid Sans","Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Lucida Grande",Helvetica,Arial,sans-serif;white-space:pre-wrap">One of the items that amuse me is that X.509 certificates, which vary from about 1k to 4k in size, require a chain of 3 CAs for about 4 to 16k and considering the OCSP/CRL chains for the CAs, could be another times 4, the authentication is usually the networking end-point service like a web server/client on an IP/FQDN which generally is under 512 bytes. </p><p style="box-sizing:inherit;margin:0px;padding:0px;border:0px;font-size:16px;vertical-align:baseline;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;line-height:1.5;color:rgba(0,0,0,0.9);font-family:-apple-system,system-ui,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue","Fira Sans",Ubuntu,Oxygen,"Oxygen Sans",Cantarell,"Droid Sans","Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Lucida Grande",Helvetica,Arial,sans-serif;white-space:pre-wrap"><br style="box-sizing:inherit"></p><p style="box-sizing:inherit;margin:0px;padding:0px;border:0px;font-size:16px;vertical-align:baseline;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;line-height:1.5;color:rgba(0,0,0,0.9);font-family:-apple-system,system-ui,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue","Fira Sans",Ubuntu,Oxygen,"Oxygen Sans",Cantarell,"Droid Sans","Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Lucida Grande",Helvetica,Arial,sans-serif;white-space:pre-wrap">Shouldn't it be time to improvise on this, I think it should be one of the main initiatives at IETF? Given, the amount of new nodes, we may just be creating a new IPv4 type problem which will taken over an eon to adapt out from with an excessive amount of wasted keys, storage and asn.1 fields, apart from the CVE patching for over 30+ yrs. of X.509.</p><p style="box-sizing:inherit;margin:0px;padding:0px;border:0px;font-size:16px;vertical-align:baseline;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;line-height:1.5;color:rgba(0,0,0,0.9);font-family:-apple-system,system-ui,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue","Fira Sans",Ubuntu,Oxygen,"Oxygen Sans",Cantarell,"Droid Sans","Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Lucida Grande",Helvetica,Arial,sans-serif;white-space:pre-wrap"><br></p><p style="box-sizing:inherit;margin:0px;padding:0px;border:0px;font-size:16px;vertical-align:baseline;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;line-height:1.5;color:rgba(0,0,0,0.9);font-family:-apple-system,system-ui,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue","Fira Sans",Ubuntu,Oxygen,"Oxygen Sans",Cantarell,"Droid Sans","Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Lucida Grande",Helvetica,Arial,sans-serif;white-space:pre-wrap">Also, PKIX group was canned, however, someway this has surged with 64K certs and about huge SAN lists of 100/200 entries.</p><p style="box-sizing:inherit;margin:0px;padding:0px;border:0px;font-size:16px;vertical-align:baseline;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;line-height:1.5;color:rgba(0,0,0,0.9);font-family:-apple-system,system-ui,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue","Fira Sans",Ubuntu,Oxygen,"Oxygen Sans",Cantarell,"Droid Sans","Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Lucida Grande",Helvetica,Arial,sans-serif;white-space:pre-wrap"><br></p><p style="box-sizing:inherit;margin:0px;padding:0px;border:0px;font-size:16px;vertical-align:baseline;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;line-height:1.5;color:rgba(0,0,0,0.9);font-family:-apple-system,system-ui,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue","Fira Sans",Ubuntu,Oxygen,"Oxygen Sans",Cantarell,"Droid Sans","Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Lucida Grande",Helvetica,Arial,sans-serif;white-space:pre-wrap">Ponderer,</p><p style="box-sizing:inherit;margin:0px;padding:0px;border:0px;font-size:16px;vertical-align:baseline;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;line-height:1.5;color:rgba(0,0,0,0.9);font-family:-apple-system,system-ui,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue","Fira Sans",Ubuntu,Oxygen,"Oxygen Sans",Cantarell,"Droid Sans","Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Lucida Grande",Helvetica,Arial,sans-serif;white-space:pre-wrap">Tushar</p></div>