JP Navarro [mailto:navarro@mcs.anl.gov] said:
Could these strings be a hash of a DN?
That wouldn't help much, the problem is the number of CAs more than the length of each one.
How many TrustedCAs are we thinking might need to be published for each endpoint, and how much data is that really? Do we think it would significantly impact the performance of our information systems to publish multiple collections of TrustedCA strings?
At a quick count, I get 89 CAs and about 5 KB of data, compared with about 2 KB currently in an Endpoint - and that for something for which, as far as I know, we have no uses, and which would be duplicated several thousand times over. For the BDII I think publishing that would not make any sense. Stephen -- Scanned by iCritical.