Daniel Kahn Gillmor <[email protected]> added the comment:
On Thu 2019-10-10 01:38:42 +0000, Benjamin Peterson wrote:

> Considering OCSP has fallen out of favor relative to CT in recent
> years, maybe we should simply reject this feature request.

CT provides the possibility of a website operator to *detect* CA
malfeasance.

OCSP provides a live "proof of freshness" of the certificate at a
cadence significantly shorter than the lifetime of most certificates
(even the 90-day certificates offered by ACME-driven CAs like Let's
Encrypt).

These are orthogonal, and mutually-reinforcing mechanisms, not competing
mechanisms.

--dkg
----------
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue17123>
_______________________________________