<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222;background:white'>Please note:</span><span style='font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222'><br><br></span><a href="http://datatracker.ietf.org/doc/draft-hallambaker-compressedcrlset/" target="_blank"><span style='font-size:9.5pt;font-family:"Arial","sans-serif";color:#1155CC;background:white'>http://datatracker.ietf.org/doc/draft-hallambaker-compressedcrlset/</span></a><span style='font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222'><br><span style='background:white'>Also note the pending IPR disclosure.</span><br><br><span style='background:white'>In brief, Rob Stradling and I have come up with a radically new</span><br><span style='background:white'>approach to certificate status that is vastly more efficient than any</span><br><span style='background:white'>previous proposal that provides finer-grained certificate status than</span><br><span style='background:white'>the certificate validity interval.</span><br><br><span style='background:white'>While compressing hash tables might appear to be a fool's errand, it</span><br><span style='background:white'>turns out that if the problem is correctly understood, CRLs actually</span><br><span style='background:white'>compress astonishingly well. It is actually possible to represent the</span><br><span style='background:white'>status of every one of the half million revoked certificates in the</span><br><span style='background:white'>WebPKI using fewer bytes than the heavily edited Google CRLSet.</span><br><br><span style='background:white'>There is still a powerful case for short-lived certificates. 
But the</span><br><span style='background:white'>minimum feasible expiry interval for short-lived certs is 48 hours.</span><br><span style='background:white'>Using a compressed CRL in combination with short-lived certs would</span><br><span style='background:white'>allow the vulnerability window to be reduced to minutes.</span><br><br><br><span style='background:white'>We are of course aware that deployment will require a licensing regime</span><br><span style='background:white'>that meets the needs of all parties including competing CAs, open</span><br><span style='background:white'>source software providers, etc. However, lacking an existing licensing</span><br><span style='background:white'>regime for the rights holder (if indeed any are granted), I thought it</span><br><span style='background:white'>best to bring this to people's attention first.</span><br><br><span style='background:white'>The nature of the invention is such that not applying for a patent</span><br><span style='background:white'>would open the possibility that someone else might make a claim, as has</span><br><span style='background:white'>happened to me on numerous other occasions. In the past five years</span><br><span style='background:white'>over $50 million has been spent on defending against such patent</span><br><span style='background:white'>claims.</span></span><o:p></o:p></p></div></body></html>