CRLSets (including OneCRL) have a fundamental design issue that makes them bad in the long term, esp. for EE certs. It's a stopgap, at best.
Replying to @BRIAN_____
@BRIAN_____ For the long term, we can all push for better solutions. (multi)OCSPStapling, clients clock shifts.
Replying to @eabalea
@eabalea @BRIAN_____ No, no multi stapling. So inefficient and wasteful and bad. Leaf+OneCRLs for sure!
Replying to @BRIAN_____
@BRIAN_____ @sleevi_ @eabalea Stapling+OneCRL seems very reasonable. Pilot Log only has 2449 CA certs. CRL size if all revoked is small.