@BRIAN_____ @randomoracle My point being is that the logic only ever applied to EV certs, so "nothing of value was lost" in terms of PKIX
-
-
Replying to @sleevi_
@BRIAN_____@sleevi_ Agreed OCSP is sufficient. But CRL can be faster (amortized) when 1 cached CRL answers N queries for same issuer2 replies 0 retweets 0 likes -
Replying to @randomoracle
@randomoracle@BRIAN_____@sleevi_ capi switches which approach it uses based on your usage pattern.1 reply 0 retweets 0 likes -
Replying to @rmhrisk
@rmhrisk@BRIAN_____@sleevi_ …which is why apps "defecting" from revocation check hurt overall system, by hiding usage pattern from CAPI3 replies 0 retweets 0 likes -
Replying to @randomoracle
@randomoracle@rmhrisk@BRIAN_____ Um, FF never used CAPI. Seems like a rather pointless comment, no defection happening, no loss for CAPI.3 replies 0 retweets 0 likes -
Replying to @sleevi_
@sleevi_@rmhrisk@BRIAN_____ And Chrome does "cooperate" by asking CAPI for offline check on Windows. Firefox never did.1 reply 0 retweets 1 like -
Replying to @randomoracle
@randomoracle@sleevi_@BRIAN_____ I didn't know that :)1 reply 0 retweets 0 likes
@rmhrisk @randomoracle @sleevi_ "Microsoft is going to start relying exclusively on OCSP, CRLs don't scale so well." https://cabforum.org/pipermail/public/2013-August/002105.html …
-
-
Replying to @BRIAN_____
@BRIAN_____@randomoracle@sleevi_ yes but the reality is if they made that change today it would be years before it's ubiquitous.0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.