On 8/29/23 6:10 PM, Charles Mills wrote:
Not browser publishers and CAs; ONE particular browser publisher! The
CAs were on the other side of this one.
Apple may have been the first to the microphone, but I know that other
browser manufacturers were writing similar speeches.
About the only thing I can say in their defense is that the revocation
system is broken.
On a technical level, I don't know that I agree with that.
I believe that there were things in place that someone that wanted to
could have checked revocation.
Sadly, too many people -- probably the vast majority -- didn't do so for
one reason or another.
This might even partially be the tyranny of the default. I think most,
if not all, browsers opted to forego much of the revocation check in the
name of performance and page load time.
Most people didn't know better, and most of those that did didn't know
enough or weren't motivated to change it.
--
Grant. . . .
unix || die
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
