On Sun, Jul 24, 2016 at 7:13 PM, Chris Drake <[email protected]> wrote:
> > > >> Every browser in the world lets you retrieve content despite any kind > of certificate problem, expiry included, so no, this idea will never be > suitable for CDN revocation. > >This is not true. > Sorry. It *is *true. > > I'll bet you 1BTC that I can use whatever browser you want to get whatever > content you like from any expired-cert site you nominate. Even if the > browser tried hard to stop me, I can always still proxy it too, like > https://hide.me/en/proxy > That's not a useful counter-example, because the discussion is about whether expired certificates would be meaningfully effective at stopping users from interacting with CDN content. Extremely few users have the interest or ability in taking any of the actions you described -- those who would do so are not the target audience for the expired certificates. -- Eric
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
