root
... clients to indicate to TLS servers which CA root keys
they possess. This functionality is desirable in order to prevent
multiple handshake ...
... clients that are only
able to store a small number of CA root keys due to memory
limitations.
...
... client to indicate
which CA root keys it possesses. Section 3.5 describes the extension
that allows the use of truncated HMAC. Section 3.6 describes the
...
... which certificates are encoded in PkiPath. In either case, the
self-signed root certificate MAY be omitted from the chain, under the
assumption that the server must already possess it in order to
...
... clients that, due to memory limitations, possess only a
small number of CA root keys may wish to indicate to servers which
root keys they possess, in order to avoid repeated handshake ...
... CA root keys may wish to indicate to servers which
root keys they possess, in order to avoid repeated handshake
failures.
...
...
In order to indicate which CA root keys they possess, clients MAY
include an extension of type "trusted_ca_keys" in the (extended)
...
... DistinguishedName<1..2^16-1>;
Here "TrustedAuthorities" provides a list of CA root key identifiers
that the client ...
... either:
- "pre_agreed": no CA root key identity supplied.
...
... - "key_sha1_hash": contains the SHA-1 hash of the CA root key. For
Digital Signature Algorithm ...
... Note that clients may include none, some, or all of the CA root keys
they possess in this extension.
...
...
The option to include no CA root keys is included to allow the client
to indicate possession of some pre-defined set of CA ...
... client
to indicate possession of some pre-defined set of CA root keys.
Servers that receive a client hello ...
...
It is possible that which CA root keys a client possesses could be
regarded as confidential information. As a result, the CA root key ...
... root keys a client possesses could be
regarded as confidential information. As a result, the CA root key
indication extension should be used with care.
...
