[Cryptography] Apple's 13-month certificate policy

Dave Horsfall dave at horsfall.org
Sun Feb 23 16:55:23 EST 2020


On Sat, 22 Feb 2020, Henry Baker wrote:

  [...]

> Either certificate revocation works or it doesn't.

  [...]

Well, there's at least two points of failure: the CRLs have to be kept up 
to date, and the browsers have to fetch them.

The sooner things get automated the better; I'm currently playing with 
Let's Encrypt, but there's one or two issues which aren't relevant to this 
list.

-- Dave


More information about the cryptography mailing list