@BenLaurie @agl if CAs are too-big-to-fail, should TLS use m-of-n certificates for redundancy? E.g. server_cert with 3 ECDSA certs.
Would give the ability to nuke a CA without impact. Cost of certs is going down, free is a thing. Plus more authenticity.
-
-
the concern I hear is the networking cost which increases page load time. Otherwise this would be a good idea.
-
resumption climbing thanks to PFS, I think impact would be small. Wouldn't auto renewal make the rogue ca problem worse?
- 10 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.