I'm talking about the DoS vulnerability opened up by making a few OCSP servers a single point of failure for *many* sites.
It's also not great that you have to let certificate authorities know about your browsing habits.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
