On Fri, Mar 24, 2017 at 1:10 PM, Martin Rex <m...@sap.com> wrote:

> If Chrome really does AIA-fetching (*shudder*), how can it be disabled?

I can understand and appreciate your viewpoint, although we disagree. I'll save the rest of the list from rehashing that discussion, since the topic at hand was the question of whether there can be multiple valid paths with different hash algorithms. I attempted to demonstrate the various ways this practically happens and how it can be measured.

Given that this is an intentional design decision and a disagreement on core security principles, it may be appropriate for you to consider a browser that aligns with your security perspectives, given that despite the explanations and shared perspectives, I have been unable to convince you in the past as to our disagreement.

But I do hope we can agree on the topic at hand - that servers routinely have multiple certificate chains that combine a variety of digest algorithms, both with a single leaf certificate (CA variations) or multiple leaf certificates (e.g. Cloudflare, Facebook).

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls