by xnyhps 3553 days ago
> If the certificate is preexisting (presumably issued before 9/19/16) it will be trusted ONLY if the certificate is CT logged. It will know if this is the case by looking for an SCT belonging to that certificate. The SCT will either be embedded directly in the certificate, or provided with the certificate during the SSL handshake (this is known as "stapling").

I doubt they'll do it this way. WoSign has only been embedding SCTs for all certificates since July and I wouldn't count on many webservers implementing SCT stapling. I expect Apple to ship a whitelist of hashes of certs that should be trusted instead.