<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
On 03/23/2013 12:57 AM, From Ryan Sleevi:
<blockquote
cite="mid:CACvaWvYraWiMb2yXou7+SuC=NATGPDCZYJFRD0eC5zTUkwZGbA@mail.gmail.com"
type="cite">
<div dir="ltr">[RS] Every byte is critical during the critical
SSL/TLS handshake - especially with the small INITCWNDs that
exist today. CAs SHOULD be able to offer as small a cert as
possible that provides the same security guarantees -
performance matters, and if CAs wish to sell more certificates,
the best way to do so is to help customers realize savings that
put the cost of SSL on par - or LESS than - unencrypted
traffic.</div>
</blockquote>
<br>
I'd like to add here to my previous comment that if something
doesn't need a secure transaction, make it plain text. For the
benefit of encryption, I assume that you can invest 100 ms for a
revocation check. That's the price to pay plus a few bytes for the
increased certificate size with CRL/OCSP DPs (which happens once
for the lifetime of the cert per client).<br>
<br>
Certificates without revocation checking (or browsers that don't
check the certificate status) don't need encryption. In my opinion
both lost the cause for encryption and it would be cheaper to just
skip it and go plain text.<br>
<br>
But if making OCSP update requirements to 24 hours will bring your
browser back to support revocation checking, I'll support such a
proposal.<br>
<br>
My 0.02 US$<br>
<br>
<br>
<div class="moz-signature">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
<br>
</body>
</html>