Message 354825 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	dkg
Recipients	Arfrever, ShaneHarvey, barry, behackett, benjamin.peterson, christian.heimes, dkg, georg.brandl, jcea, pconnell, pitrou
Date	2019-10-17.01:46:40
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<87ftjt6j4u.fsf@fifthhorseman.net>
In-reply-to	<1570671522.21.0.151508418003.issue17123@roundup.psfhosted.org>

Content
On Thu 2019-10-10 01:38:42 +0000, Benjamin Peterson wrote: > Considering OSCP has fallen out of favor relative to CT in recent > years, may be should simply reject this feature request. CT provides the possibility of a website operator to detect CA malfeasance. OCSP provides a live "proof of freshness" of the certificate at a cadence significantly shorter than the lifetime of most certificates (even the 90-day certificates offered by ACME-driven CAs like Let's Encrypt). These are orthogonal, and mutually-reinforcing mechanisms, not competing mechanisms. --dkg

On Thu 2019-10-10 01:38:42 +0000, Benjamin Peterson wrote:

> Considering OSCP has fallen out of favor relative to CT in recent
> years, may be should simply reject this feature request.

CT provides the possibility of a website operator to *detect* CA
malfeasance.

OCSP provides a live "proof of freshness" of the certificate at a
cadence significantly shorter than the lifetime of most certificates
(even the 90-day certificates offered by ACME-driven CAs like Let's
Encrypt).

These are orthogonal, and mutually-reinforcing mechanisms, not competing
mechanisms.

      --dkg

History
Date	User	Action	Args
2019-10-17 01:46:40	dkg	set	recipients: + dkg, barry, georg.brandl, jcea, pitrou, christian.heimes, benjamin.peterson, Arfrever, pconnell, behackett, ShaneHarvey
2019-10-17 01:46:40	dkg	link	issue17123 messages
2019-10-17 01:46:40	dkg	create