Am 11.04.2014 18:46, schrieb Peter Eckersley:
Of course, yes. For revocation this is the correct approach.
Ah, for revocation. Your post read as if you meant reissuance also.
Regards
___
dev-security-policy mailing list
On 4/15/2014 7:43 AM, nobody wrote:
I just wondered... what is the pull back regarding Convergence to put it in
the webbrowsers by default?
The main issue is who are the notaries? If they're simply reflecting
back Yup, I see this valid CA cert then they aren't adding a whole lot
of value for
I did not look again but as far as I remember the concepts of
convergence are not really applicable any longer, because they suppose
that there is a finite set of certificates used, and if you look at
sites like google, twitter, etc with some plugins to catch the
certificates, you will see
On 4/16/2014 12:08 AM, Daniel Veditz wrote:
The main practical problems with convergence are that it introduces a
dependency on traffic to a 3rd party which hurts privacy, reliability,
and performance.
The same problem applies to Certificate Transparency too, but not to
OCSP revocation
On 4/15/2014 6:16 PM, Man Ho (Certizen) wrote:
On 4/16/2014 12:08 AM, Daniel Veditz wrote:
The main practical problems with convergence are that it introduces a
dependency on traffic to a 3rd party which hurts privacy, reliability,
and performance.
The same problem applies to Certificate
5 matches
Mail list logo