On 5/17/25 8:50 AM, Slavko via mailop wrote:
> I feel it as just a demonstration of power (raw translated), one company can dictate to the whole world/Internet, thus it dictates its own "smart" ideas.
Having been exposed to the inside of the company, I know that they are chasing legitimate, but EXTREMELY rare, problems -> attacks; they are trying to close holes for safety issues.
It's just that they have determined that the number of people -- like myself -- that are using server certificates to authenticate is a small enough percentage that they can ignore it. IMHO they are cutting off a limb for the safety of the rest of the body (from an open hangnail that was dunked in lemon juice).
> I am more interested in "which problem will that solve?" (if any)
I suspect it's probably rooted in reducing code / attack surface for code paths that aren't needed by their primary line of business (TLS for /servers/) or their primary client application (web-browser; read: TLS client).
It's sad that their actions have such profound repercussions on the rest of the industry.
I maintain; their servers / product means their choice. But I think they are bastards for the choice that they have made.
--
Grant. . . .