One of the topics of discussion at the WG discussion was whether
ServerConfiguration.expiration_date should be an absolute or relative value.
Subodh (CC) dug into our production data and found that nearly half of the TLS
errors we see in production (end user to edge/origin) are due to date misma
On Wed, Jul 22, 2015 at 9:55 PM, Blake Matheny
mailto:bmath...@fb.com>> wrote:
One of the topics of discussion at the WG discussion was whether
ServerConfiguration.expiration_date should be an absolute or relative value.
Subodh (CC) dug into our production data and found that nearly half
Ahh. I can't tell, the data I have is only clients with very very broken clocks
who failed validation as a result. My assumption would be that there is a much
larger number of clients that fit what you described (cert/OCSP check passes,
but ServerConfiguration would not be). Since I don’t have t
