Ajedi32 4 days ago

It's a real shame. OCSP with Must-Staple seemed like the perfect solution to this, it just never got widespread support.

I suppose technically you can get approximately the same thing with 24-hour certificate expiry times. Maybe that's where this is ultimately heading. But there are issues with that design too. For example, it seems a little at odds with the idea of Certificate Transparency logs having a 24-hour merge delay.

NoahZuniga 3 days ago

Also, Certificate Transparency is moving to a new standard (Sunlight CT) that has immediate merges. Google requires the maximum merge delay to be 1 minute or less, but they've said on Google Groups that they expect merges to be way faster.

lokar 3 days ago

The log is not really for real time use. It’s to catch CA non-compliance.