Ilari Liusvaara writes:
> > On Fri, Apr 21, 2017 at 10:52 AM, Nikos Mavrogiannopoulos
> > wrote:
> >
> > > My issue with OCSP when used under TLS was how to determine the
> > > validity of the response when the nextUpdate field is missing. I've
> > >
On Sun, Apr 23, 2017 at 12:01:08PM -0400, Ryan Sleevi wrote:
> > And the 12 month update interval for intermediates is IMO just crazy,
> > and won't work properly in TLS 1.3, now that multistaple is pretty much
> > a baseline feature.
> >
>
> I have no desire to support multistaple within Chrome.
On Sun, Apr 23, 2017 at 12:01:08PM -0400, Ryan Sleevi wrote:
> On Sun, Apr 23, 2017 at 6:34 AM, Ilari Liusvaara
> wrote:
>
> > And the 12 month update interval for intermediates is IMO just crazy,
> > and won't work properly in TLS 1.3, now that multistaple is pretty
On Sun, Apr 23, 2017 at 6:34 AM, Ilari Liusvaara
wrote:
>
> I meant if anyone has seen a OCSP response from "public" CA lately that
> lacks NextUpdate.
>
Why would it matter? Are you suggesting we determine what should be part of
TLS based on what CAs are doing? That's
On Sat, Apr 22, 2017 at 11:42:06PM +0200, Kurt Roeckx wrote:
> On Sat, Apr 22, 2017 at 03:00:17PM +0300, Ilari Liusvaara wrote:
> > On Sat, Apr 22, 2017 at 07:53:50AM -0400, Eric Rescorla wrote:
> > > On Fri, Apr 21, 2017 at 10:52 AM, Nikos Mavrogiannopoulos
> > >
> > > wrote:
>