On Sat, May 31, 2014 at 1:46 PM, Andrew McGlashan wrote: > We may see certificate stapling as an answer, but that won't be enough > if it cannot be certified to /require/ stapling in the cert itself. > There may be other solutions in time. > > You are right in saying that the whole certificate revocations model is > flawed, but not as flawed as what Google is choosing to use in CRLset. > Quite simply, Google's response to this problem is a joke.
It sounds like you've got a stinging itch there, so feel empowered to go scratch it. I'm sure Google would be interested in a nice patch set solving this problem once and for all. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CANTw=mpsc+psvbn-qacjm4hxfdgoidihl6an-dw7sb5torm...@mail.gmail.com