It's a reality of the current CT system. If a crawler sees a short-lived certificate, it will submit it to a CT log and it will be accepted.
On Tue, Jul 18, 2017 at 2:45 PM Salz, Rich <[email protected]> wrote: > > Con short-lived certs: > > - Potentially problematic to the CT ecosystem (all certificates must be > logged in CT, which may bloat them). > > That's a browser policy, not an IETF requirement, right? > >
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
