Chris Thompson

I think we could do this once we start using ACME to automatically acquire some of the certificates used (otherwise, manually doing this would be too much effort).I think most...

Good idea. What do you think of also covering ways of serving a non-embedded SCT? Maybe overall target: - `embedded-sct.badssl.com` with a valid embedded SCT in the cert (just reuse...

We've deployed https://no-sct.badssl.com/, which should address this test case. (I'm not sure setting up the TLS Extension in nginx is worth the effort. We could set up a new subdomain...

It looks like we may be able to get these through DigiCert, but it will require some fiddling with our configs: https://docs.digicert.com/manage-certificates/certificate-profile-options/get-your-signed-http-exchange-certificate/ No specific plans for when we'll get to...

invalid-expected-sct is unfortunately defunct now because getting a new cert would effectively require a CA to violate requirements. For testing CT enforcement we do have https://no-sct.badssl.com which just omits SCT...

One idea that comes to mind for how to implement this would be as a hover card on the dashboard (maybe an (i) icon to give an affordance for the...

We could probably add this as a test case rather than a new subdomain. A quick sketch: * Add `common/test/insecure-download/` * Add an `index.html` there that has an `HTTP EXE...

@april Does this look good to you? Thanks!

@lgarron also suggested a couple other approaches on #443: > We could set up SSH or pull-based deploys using GitHub Actions fairly easily now, and either auto-deploy master or give...

Yeah, thinking about this more, if we can do something like a `git pull` on the server and a post-pull script to make sure everything is set up, that would...