Originally Roughtime just sent over one, fixed cert and at some point switched to having a long-lived, and a delegated cert. The current structure of server response is a few layers deep, and I'd propose a flattening out of it. If we represent it as something JSON-like, it should look as of -11 like:
What I propose is a slight restructure, flattening out:
There's a few reasons for this:
By having the time and cert signatures with distinct tags, implementers have a clearer delineation of what the tag represents, not based on its placement in the structure
Removes a layer of nesting, which is a tiny payload size improvement
Existing implementations could support this and old without exclusively depending on accurate version reporting - by checking for CSIG (and DELE), validation of CERT/DELE could be handled appropriately.
I'm happy with the way it currently is. If this is implemented, it should be detected through version reporting - anything else just adds complexity and weirdness.
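To make the detection question in this thread concrete, here is an added sketch (not code from the draft or from either participant) of a client locating the delegation in either layout by checking for top-level CSIG and DELE. It assumes the flattened response carries DELE and CSIG as top-level tags, decodes only the tag/value message without packet framing, uses zero-filled constructed samples, and does not verify any signature.

```python
import struct
from itertools import accumulate

def tag_num(tag):
    return struct.unpack("<I", tag)[0]

def encode(fields):
    """Encode {4-byte tag: value} as one Roughtime message level."""
    items = sorted(fields.items(), key=lambda kv: tag_num(kv[0]))
    ends = list(accumulate(len(v) for _, v in items[:-1]))
    head = struct.pack(f"<{len(items)}I", len(items), *ends)
    return head + b"".join(t for t, _ in items) + b"".join(v for _, v in items)

def decode(msg):
    """Decode one level; reject truncated, unsorted or misaligned input."""
    if len(msg) < 4:
        raise ValueError("short message")
    n = tag_num(msg[:4])
    # Header is 4 (count) + 4*(n-1) (offsets) + 4*n (tags) = 8*n bytes.
    if not 1 <= n <= 64 or len(msg) < 8 * n:
        raise ValueError("bad tag count")
    body = msg[8 * n:]
    bounds = [0, *struct.unpack_from(f"<{n - 1}I", msg, 4), len(body)]
    tags = [msg[4 * n + 4 * i:4 * n + 4 * i + 4] for i in range(n)]
    if any(tag_num(a) >= tag_num(b) for a, b in zip(tags, tags[1:])):
        raise ValueError("tags not strictly ascending")
    if any(a > b or a % 4 for a, b in zip(bounds, bounds[1:])):
        raise ValueError("bad offsets")
    return {t: body[a:b] for t, a, b in zip(tags, bounds, bounds[1:])}

def delegation(response):
    """Return (layout, DELE bytes, signature over DELE) for either layout."""
    top = decode(response)
    flat = b"CSIG" in top or b"DELE" in top
    if flat and b"CERT" in top:
        # A response carrying both layouts is rejected, never guessed at.
        raise ValueError("both layouts present")
    if flat:
        src, sig_tag = top, b"CSIG"
    else:
        src, sig_tag = decode(top.get(b"CERT", b"")), b"SIG\x00"
    if b"DELE" not in src or sig_tag not in src:
        raise ValueError("incomplete delegation")
    return ("flat" if flat else "nested"), src[b"DELE"], src[sig_tag]

# Constructed samples: zero-filled placeholders, not real keys or signatures.
DELE = encode({b"PUBK": bytes(32), b"MINT": bytes(8), b"MAXT": bytes(8)})
REST = {b"SIG\x00": bytes(64), b"NONC": bytes(32), b"SREP": bytes(4)}
NESTED = encode({**REST, b"CERT": encode({b"SIG\x00": b"\x01" * 64, b"DELE": DELE})})
FLAT = encode({**REST, b"CSIG": b"\x01" * 64, b"DELE": DELE})
```

Whichever layout is found, the returned DELE bytes and signature still have to be checked against the long-term key before the delegated key is trusted.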