Google is pushing this for all websites by October 2017
One issue to be "caught" are subordinated CA certs that can
allow one vector for generating certs accepted by browsers w/o
importing any new certs.
Some of the info on the cert page:
https://www.certificate-transparency.org/what-is-ct
Seems to indicate that site-local generated and imported
certs may also be detected as invalid and be disallowed for
SSL connection approvals. That would be a major pain given
google's actions that seem to be hostile to end-user (or
end-site) web-caching.
(saw this on
http://www.theregister.co.uk/2016/10/31/google_certificate_transparency/
).
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
