Re: [FORGED] Re: How Certificates are Verified by Firefox

2019-11-28 Thread Ben Laurie via dev-security-policy
On Thu, 28 Nov 2019 at 20:22, Peter Gutmann wrote:

> Ben Laurie via dev-security-policy writes:
>
> >In short: caching considered harmful.
>
> Or "cacheing considered necessary to make things work"?

If you happen to visit a bazillion sites a day.

> In particular:
>
> >caching them and fill

Re: [FORGED] Re: How Certificates are Verified by Firefox

2019-11-28 Thread Peter Gutmann via dev-security-policy
Ben Laurie via dev-security-policy writes:

>In short: caching considered harmful.

Or "cacheing considered necessary to make things work"? In particular:

>caching them and filling in missing ones means that failure to present
>correct cert chains is common behaviour.

Which came first? Was ca

Re: How Certificates are Verified by Firefox

2019-11-28 Thread Ben Laurie via dev-security-policy
One of the things that was quite annoying when developing CT was browser behaviour wrt intermediates - caching them and filling in missing ones means that failure to present correct cert chains is common behaviour. Which means that anything that _doesn't_ see a lot of certs has quite a low chance o