Would give the ability to nuke a CA without impact. Cost of certs is going down, free is a thing. Plus more authenticity.
@BenLaurie @agl if CAs are too-big-to-fail, should TLS use m-of-n certificates for redundancy? E.g. server_cert with 3 ECDSA certs.
The concern I hear is the networking cost, which increases page load time. Otherwise this would be a good idea.
Detection would be separate. Just a fix for too-big-to-fail. Could revoke a root CA without user-impact.
I don't follow how a time server gets you there.
Except if my cert is 1 day from renewal and I need a bunch of ace lawyers to turn around a CA contract in 24 hrs
It's the difference between "active active" redundancy and "Active-Failover". At scale, it brings surprises.
X+N is like alg deprecation; things come up, humans slow, lawyers more so. active-active is "constantly prepared"
Absolutely!
Can we have a Smile-branded-Padlock in the URL bar for that?
ooh, I know. A new cert extension that is a timestamped signed lock logo. Makes eIDAS branding possible