April King
April King
Yep, that's perfect! Thanks!
The trick with this is that I'm not entirely sure what the best place to link to is. crt.sh can be a bit rough at times.
After considering this, I think it would be best if it simply linked to the SCTs in question, or at least information about the particular SCTs.
I think simply linking to the policies of the CT operator (cloudflare, google, etc.) is probably the best way to go. In that case, I would hard-code it in a...
Sure, yes, go ahead.
I don't know if I have any obvious way to tell that from what the browser passes me. And different CAs have different requirements. Or am I not understanding?
I think this one is probably a bit out of scope, especially given that I'd have to do a lot of work to figure out what the qualified logs are....
By the time that WebExtensions can read the certificate information, the connection has already been made. Unless I can get this information before `onHeadersReceived`, I wouldn't be able to terminate...
Is this actually the right thing to do, though? I'm not certain if this is a good idea, or if we should simply tell people that only `awscli` and `envvar`...
Yes, but that's a considerable amount of work for a small group of people clinging to an ancient subsystem. I almost think it would be better to simply say to...