by algesten 3431 days ago
The effort to prove a certificate is being changed for a good reason should be with the site owner, so perhaps the standard could build in some sort of sign-by-previous-cert combined with mandatory information fields.

The certificate pinning of CA is not that useful.

So Google rotates a lot of certs, but I bet 95% of the internet uses one cert for one server until it expires. Google could fall in line.