@alexstamos In a system of virtuous actors with a shared common goal of ensuring online security, I wouldn't disagree with. But alas...
-
-
Replying to @sleevi_
@alexstamos I know of CAs who purposely told their customers the SHA-1 sunset would slide and to not update their systems, for example.1 reply 0 retweets 5 likes -
Replying to @sleevi_
@alexstamos I know of a number of CAs that have never complied with Microsoft's entropy REQUIREMENT, let alone the BRs recommendation.2 replies 0 retweets 2 likes -
Replying to @sleevi_
@alexstamos I'm actually incredibly sympathetic, which is why I promoted name-constrained subCAs being exempt from requirements in Mozilla1 reply 1 retweet 2 likes -
Replying to @sleevi_
@alexstamos The 'ideal' world is that FB could obtain a name-constrained subCA for http://facebook.com and then do whatever it wants5 replies 0 retweets 6 likes
@sleevi_ @alexstamos And, Facebook should do that anyway, like Google did. It's what makes key pinning work best.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.