@bascule Yup, for leaves. Doesn't help for cross-signing though, depending on how the CA did their PKI.
@sleevi_ if ClientHello contains supported hash functions, can't servers send back variadic chains based on what the client supports?
-
-
-
@sleevi_ so ideally, instead of "chains", there would be a DAG of certificates? -
@bascule Ideally? No. But permitted, yes. For example, only way to get old Android + new Firefox to work reliably for a site independently. -
@sleevi_ sounds like you're trying to shoehorn a DAG into a list... -
@bascule Not following the IETF discussion on that, eh? ;) -
@sleevi_ I was trying to, but I'm on vacation and woke up to way more emails than I cared to read right now...
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.