|
|
|
|
|
|
by throwaway64
5080 days ago
|
|
|
the problem here is rather than worrying about one particular cert getting compromised, you now have to worry about every CA in the world getting compromised, a much more likely possibility. It seems the best course of action would be to trust only an individual cert, and check for revocation. Also OCSP is basicly a joke, it works every single time, except when it matters (an attacker controlling your view of the world) |
|
|