Hi Eric,

Stop trolling. If you want to argue, address every point, and leave the thread in place.

>> Every browser in the world lets you retrieve content despite any kind of
>> certificate problem, expiry included, so no, this idea will never be
>> suitable for CDN revocation.

> This is not true.

Sorry. It is true. I'll bet you 1BTC that I can use whatever browser you want to get whatever content you like from any expired-cert site you nominate.

Even if the browser tried hard to stop me, I can always still proxy it too, like https://hide.me/en/proxy

Kind Regards,
Chris Drake

Monday, July 25, 2016, 8:53:38 AM, you wrote:

> On Sun, Jul 24, 2016 at 6:03 PM, Chris Drake <[email protected]> wrote:
>
>> Hi Eric,
>>
>> Every browser in the world lets you retrieve content despite any kind of
>> certificate problem, expiry included, so no, this idea will never be
>> suitable for CDN revocation.
>
> This is not true. Most browsers will flag a full-screen certificate warning
> and not allow the user to proceed without clicking through scary text.
> Additionally, browsers that support HSTS will not allow users to click
> through these warnings at all, for origins which have a statically or
> dynamically set HSTS policy.
>
> In both cases, certificate expiration can deter user interaction with an
> origin. In the latter case, the barrier to user interaction with the website
> behind the expired certificate is very high.
>
> -- Eric
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
