On Sun, Apr 23, 2017 at 12:01:08PM -0400, Ryan Sleevi wrote:
> On Sun, Apr 23, 2017 at 6:34 AM, Ilari Liusvaara <ilariliusva...@welho.com>
> wrote:
>
> > And the 12 month update interval for intermediates is IMO just crazy,
> > and won't work properly in TLS 1.3, now that multistaple is pretty much
> > a baseline feature.
> >
>
> I have no desire to support multistaple within Chrome. That it's specified
> is great, but I believe multistaple is, for the general _browser_ case,
> unnecessary. That's not to say it's not useful in other venues or in
> specialized cases, which is the only reason I haven't complained here.

Well, given the 12 month(!!!) upper limit on public CAs, supporting
intermediate stapling would be downright harmful. And that kind of
upper limit makes the non-stapled version just useless.

I imagine browsers have their own CA revocation lists, and don't use
any form of CA-published CRLs nor OCSP. WebPKI does not take revocation
seriously.

-Ilari