Y
Hacker News
new
|
ask
|
show
|
jobs
by
v13inc
4302 days ago
Why can't you just verify that the whole chain is SHA-1 instead of using the expiration date as a heuristic?
1 comments
Dylan16807
4302 days ago
Because then everything will seem fine until 2017 at which point all the sites break at once. Using the expiration date makes it gradual and shows problems when certificate updates are tested.
link