On 3/2/21 10:39 AM, Nico Williams wrote:
> On Tue, Mar 02, 2021 at 10:19:53AM -0800, Michael Thomas wrote:
> > [...] And once you rely on online CRLs, it's all the same.
>
> Yes, well, wherever possible we should be using short-lived credentials and dispense with revocation.

Or just directly query the domain for the public key and turn it into a caching problem instead of a revocation problem. Caching has appeal because the TTL can be zero as needed.
Mike