by AstralStorm 2494 days ago
Technically, you could deliver revocations via a carrier pigeon, but of course it opens a joke hole of an attack. Unless it's a short distance for the pigeons.

As does automatic unvetted certificate signing (because non-repudiation), or automatic instant revocation process. (Denial of service or downgrade)

Pick your poison.

1 comments

People get bit by certificate expiration all the time.

The only way to make sure you don't get bitten by things like certificate expiration is to exercise the update path often, and the more often the better.