Richard Barnes
Richard Barnes
I can't speak for Chrome, but the Mozilla OneCRL list is (1) manually maintained, and (2) only covers intermediate CA certificates. So this is not an issue.
Paging @agl for CRLsets.
It looks like Chromium [does poll CRLs](https://dev.chromium.org/Home/chromium-security/crlsets) to get CRLset information. We should add CRL generation to the periodic revocation updater (and, for LE, send the URL to @agl to...
Moving this out to General Availability, since clients other than Chrome will fetch OCSP anyway.
Moving this to Defer, because I think several current implementations have in fact been able to automate the DNS challenge (e.g., [lego supports a bunch of DNS providers out of...
@annevk Would it be sufficient to require an existing media type here (probably `text/plain`)? Or would it be safer to define a new media type? If it's all the same...
@annevk - In light of the late stage in the process, I've tried to address this in a [minimally-invasive way](https://github.com/ietf-wg-acme/acme/pull/467/files#diff-8430e2aa241beb4ac49b252db20d4ee8R2592). As I noted in that PR, there's still some risk...
Yes, that's what led to this: https://github.com/juberti/cryptex/issues/31 On Mon, Mar 7, 2022 at 7:19 PM Cullen Jennings ***@***.***> wrote: > @bifurcation - Did you ever ger to look > at...
If protect/unprotect were not in-place, wouldn't there just be a copy going on internal to the protect/unprotect call instead of at the application layer?
Fair point. You would at least have to copy the header over, since that's not touched by the crypto.