> Server operators often want to create short-lived certificates for
> servers in low-trust zones such as CDNs or remote data centers.
But as currently specified, that low-trust short-lived certificate, if captured, can be used to spoof the operator anywhere else in the world. Yes, for a shorter time than the long-lived "true" key, but this still seems like a footgun.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls