For the purposes of better scaling things out, I would prefer to
maintain a table of certificate fingerprints that I want to deny, rather
than a table of certificates that I want to allow. Such a table would
need to be updated a small fraction of the time that an allow list would
need to be
On Thu, Oct 10, 2013 at 02:20:40PM -0400, micah wrote:
For the purposes of better scaling things out, I would prefer to
maintain a table of certificate fingerprints that I want to deny, rather
than a table of certificates that I want to allow.
You might think so, but you probably have not