Re: Certificate transparency: problem for ssl-bumping, no effect, or?


On 10/31/2016 04:13 PM, L. A. Walsh wrote:
> Google is pushing this for all websites by October 2017

Just Extended Validation (EV) sites, to be exact AFAICT. All other sites
will be forced into the new scheme sometime later. Naturally, this may
result in requests to downgrade mimicked server certificates to remove
the EV extension (assuming we mimic it today).


>    https://www.certificate-transparency.org/what-is-ct
> 
> Seems to indicate that site-local generated and imported
> certs may also be detected as invalid and be disallowed for
> SSL connection approvals.  That would be a major pain

The question is whether the affected browsers will have knobs to disable
CT checks or perhaps to configure custom Certificate Log addresses. If
everything is hard-coded, then bumping is doomed. Otherwise, expect more
sysadmin pains. You can probably answer that question now by studying
Chrome configuration.

Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



