But I think the problem is that there is no TLS alert for “revocation status inaccessible”.
Best,
Xiaoyin

From: Salz, Rich<mailto:[email protected]>
Sent: Monday, October 24, 2016 2:15 PM
To: Ryan Carboni<mailto:[email protected]>; [email protected]<mailto:[email protected]>
Subject: Re: [TLS] How should inability to access key revocation lists impact the TLS handshake?

> How should inability to access key revocation lists impact the TLS handshake,
> if previous public keys and/or certificate hashes are not cached?

Nobody does revocation on the web, for some almost all encompassing definition of nobody. Instead, OCSP and OCSP stapling.

> I cannot see this in the standard. Considering that all one has to do is DDOS
> a certificate authority nowadays...

General PKI and key lifecycle issues are, properly, not part of the TLS spec.

/r$

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
