I have never ever ever, not once, seen a working revoking system. In THEORY there's this idea that the bad cert can be listed in a CRL, and the servers all refresh it and we're good. I've seen half solutions at best. Common problem ...
Disclaimer: they were using Apache 2.0, and I wrote that regex supporting madness, and so it is my fault and I will pay for my sins.
Anyway, back to MTLS, it is a hodgepodge of awfulness. Massive code base to implement, terrible standards in the middle, and just obscure untested garbage left and right. RUN AWAY!
Yet it gets a reputation for being a best practice, maybe because it's hard, or because it has a halo from the false talisman of cryptography. *shudder* BAD, BAD, TERRIBAD.
Anyway, that's the rant out of my system! AMA about MTLS if you want, and dear @Unrollme - please unroll this thread.