-
-
@BRIAN_____@konklone@jmhodges It's the same thing, really. And supported, last I chckd. That's why I have trouble grokking the complaint. -
-
@BRIAN_____@konklone@jmhodges Oh, on that I totally agree with you. But complexity is necessary because of all the broken legacy. -
@BRIAN_____@konklone@jmhodges CAs will still be shy of NCs for another decade, and if I view the ecosystem as a whole, I don't blame them -
@BRIAN_____@konklone@jmhodges So we shift the complexity to new. Incremental moves, even complex, don't need to be anathema. -
@sleevi_@BRIAN_____@konklone I would love to, at the least, get the CAA work in the spec if not the intermediate version! -
@jmhodges@BRIAN_____@konklone Intermediate is already in the spec - https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-12#section-4.3 … -
@sleevi_@BRIAN_____@konklone hm, maybe I'm misunderstanding but that MAY seems less than what I want. Probably just don't have context - 2 more replies
New conversation -
-
-
@BRIAN_____@konklone@sleevi_@jmhodges NC CAs don't easily scale for many orgs with changing name portfolio. Works for some, though. -
@isnotnick@BRIAN_____@konklone@jmhodges It's only an issue for the non-SNI clients, which many services are choosing not to support. -
@isnotnick@BRIAN_____@konklone@jmhodges If you have SNI, easy to do managed PKI where CA mints and operates one NC CA per domain. -
@isnotnick@BRIAN_____@konklone@jmhodges It's only when you need multiple domains in a cert (aka non-SNI generally) that NC agility mattrs
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.