Message354825
On Thu 2019-10-10 01:38:42 +0000, Benjamin Peterson wrote:
> Considering OSCP has fallen out of favor relative to CT in recent
> years, may be should simply reject this feature request.
CT provides the possibility of a website operator to *detect* CA
malfeasance.
OCSP provides a live "proof of freshness" of the certificate at a
cadence significantly shorter than the lifetime of most certificates
(even the 90-day certificates offered by ACME-driven CAs like Let's
Encrypt).
These are orthogonal, and mutually-reinforcing mechanisms, not competing
mechanisms.
--dkg |
|
Date |
User |
Action |
Args |
2019-10-17 01:46:40 | dkg | set | recipients:
+ dkg, barry, georg.brandl, jcea, pitrou, christian.heimes, benjamin.peterson, Arfrever, pconnell, behackett, ShaneHarvey |
2019-10-17 01:46:40 | dkg | link | issue17123 messages |
2019-10-17 01:46:40 | dkg | create | |
|