Author dkg
Recipients Arfrever, ShaneHarvey, barry, behackett, benjamin.peterson, christian.heimes, dkg, georg.brandl, jcea, pconnell, pitrou
Date 2019-10-17.01:46:40
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <87ftjt6j4u.fsf@fifthhorseman.net>
In-reply-to <1570671522.21.0.151508418003.issue17123@roundup.psfhosted.org>
Content
On Thu 2019-10-10 01:38:42 +0000, Benjamin Peterson wrote:

> Considering OSCP has fallen out of favor relative to CT in recent
> years, may be should simply reject this feature request.

CT provides the possibility of a website operator to *detect* CA
malfeasance.

OCSP provides a live "proof of freshness" of the certificate at a
cadence significantly shorter than the lifetime of most certificates
(even the 90-day certificates offered by ACME-driven CAs like Let's
Encrypt).

These are orthogonal, and mutually-reinforcing mechanisms, not competing
mechanisms.

      --dkg
History
Date User Action Args
2019-10-17 01:46:40dkgsetrecipients: + dkg, barry, georg.brandl, jcea, pitrou, christian.heimes, benjamin.peterson, Arfrever, pconnell, behackett, ShaneHarvey
2019-10-17 01:46:40dkglinkissue17123 messages
2019-10-17 01:46:40dkgcreate