[cabfperf] Recommended Max Number of SANs in a Certificate
Gervase Markham
gerv at mozilla.org
Fri May 2 02:59:11 MST 2014
On 01/05/14 17:55, Wayne Thayer wrote:
> Certificates with dozens of SAN entries have become common, in part due
> to the popularity of CDNs that use these certs to conserve scarce IPv4
> addresses. This data can increase the size of the certificate by 25% or
> more. Should we recommend a maximum number of SANs in a certificate? If
> so, what should that number be? Or should we look at the total size of
> the certificate rather than individual fields?
Seems to me like total certificate size is what needs to be optimized
for. So perhaps the best approach is to list all the things which are
useful in some circumstances but which can affect certificate size, so
people can make the necessary trade-offs. You would also need to list
the "important thresholds".
One could even perhaps have a little online JS cert size calculator :-)
Gerv
More information about the Performance
mailing list