Russ Housley <housley(_at_)vigilsec(_dot_)com> writes:
I can see many situations where the information in this is not
sensitive. In fact, in the primary use case, the use mapping
information is not sensitive. An enterprise PKI is used in this
situation, and the TLS extension is used to map the subject name in
the certificate to the host account name.
But then we're left with the performance rationale that the user has
some semi-infinite number of mappings that makes it impossible to send
all of them and too hard to figure out which one. In light of the fact
that in the original -01 proposal there wasn't even any negotiation
for which type of UME data should be sent, is there any evidence that
this is going to be an important/common case?
Ietf mailing list