resumption climbing thanks to PFS, I think impact would be small. Wouldn't auto renewal make the rogue ca problem worse?
-
-
How?
1 reply 0 retweets 0 likes -
-
Replying to @BenLaurie @agl__
Bah, yep! I'm just thinking that auto-renewal makes it even harder for a customer to fire their CA.
1 reply 0 retweets 0 likes -
Ah. So, I was thinking standards-based renewal (e.g. ACME) from a panel of CAs. Panel would presumably be live sourced. :-)
1 reply 0 retweets 0 likes -
Replying to @BenLaurie @agl__
That works too, but maybe is cartelism. m-of-n might be better at letting a market work. .
1 reply 0 retweets 0 likes -
I would assume the panel would consist of all CAs in the main root stores that accept the protocol(s).
1 reply 0 retweets 0 likes -
Replying to @BenLaurie @agl__
It's a lot of legal work for BigCo's to vet a provider and their terms, that's what I'm thinking of too.
1 reply 0 retweets 0 likes -
They wouldn't give a script a blank check, and probably wouldn't do the work to negotiate a "just in case" provider.
1 reply 0 retweets 0 likes -
surely n for auto-renewal need be no larger than n for m-of-n - and probably smaller?
1 reply 0 retweets 0 likes
True, just think you'd need a mechanism where you're actually using each CA in n. Maybe a cert from each every n days.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.