Re: [TLS] OCSP Stapling confusion

2018-12-10 Thread Ryan Sleevi
On Mon, Dec 10, 2018 at 9:03 AM Daniel Kahn Gillmor wrote:
> On Mon 2018-12-10 02:24:29 +, Salz, Rich wrote:
> >> * the status_request TLS extension doesn't provide a mechanism for
> >stapling OCSP for intermediate certs.
> >
> > Nobody does this. There's a handful of reasons, bu

Re: [TLS] OCSP Stapling confusion

2018-12-10 Thread Martin Thomson
On Tue, Dec 11, 2018 at 1:03 AM Daniel Kahn Gillmor wrote:
> I'd be interested in hearing the reasons enumerated. It seems to me
> like being able to promptly revoke an intermediate certificate is a
> useful bit of mechanism. is it just because we hope the major browsers
> are clever and respons

Re: [TLS] OCSP Stapling confusion

2018-12-10 Thread Ilari Liusvaara
On Mon, Dec 10, 2018 at 07:16:31AM -0500, Daniel Kahn Gillmor wrote:
> On Mon 2018-12-10 02:24:29 +, Salz, Rich wrote:
> >> * the status_request TLS extension doesn't provide a mechanism for
> >stapling OCSP for intermediate certs.
> >
> > Nobody does this. There's a handful of

Re: [TLS] OCSP Stapling confusion

2018-12-10 Thread Daniel Kahn Gillmor
On Mon 2018-12-10 02:24:29 +, Salz, Rich wrote:
>> * the status_request TLS extension doesn't provide a mechanism for
>stapling OCSP for intermediate certs.
>
> Nobody does this. There's a handful of reasons, but the end result is:
> nobody does this.

I'd be interested in hear

Re: [TLS] OCSP Stapling confusion

2018-12-09 Thread Salz, Rich
> * the status_request TLS extension doesn't provide a mechanism for stapling OCSP for intermediate certs.

Nobody does this. There's a handful of reasons, but the end result is: nobody does this.

>So i think this is a big swirling mishmash of not-quite-compatible and not-qu