6. (2004-06-10, 12:43:01) bellovin:

> 6.2.6: Why does it say that "hosts SHOULD NOT store certificates"
> under certain conditions? Certificates are self-validating. Ones
> that aren't part of a chain may be useless, and it may be
> advantageous under certain conditions to discard them, but
> strongly advising their discard seems wrong -- if you have the
> storage (and a good search algorithm), possessing them is useful
> because it can avoid the need to solicit or receive them later.

Reply: The reason relates to the specific order we have required the certificates be sent, and guarding against denial-of-service attacks relating to memory usage. At the point where we say "SHOULD NOT store", we know that the other side either did not follow the spec or has a root we can't verify to. To clarify, we can add the following sentence to Section 6.2.6 paragraph 3:

   This measure is to prevent DoS attacks, whereby an attacker floods a host with certificates that the host cannot validate and overwhelms memory for certificate storage.

-----------
Minutes: Reason text Ok. Need to take away the keyword also.
-----------