Dan Wendlandt
Dan Wendlandt
if a client saw something other than what the notary reported, let the client request a new "on-demand" probe. we should do something simple to rate limit the number of...
For analysis of future security incidents, it would be good if we store the full certificate PEM once for each fingerprint seen. This would be pretty easy to add using...
having longer sleeps seems to make individual queries take a while, which may lead to more timeouts for on-demand probes.
This would mean that if a notary server was down but not needed for quorum, the process of querying notaries could end after sufficient results were returned without waiting for...
This will make it easier for someone to "turn on debugging" when they need to troubleshoot a particular problem. Ideally would have each of the flags support being set individually....
A key criteria is that we should strongly validate the security of the downloaded data, such that even if someone has compromised a CA, they cannot spoof a valid notary...
Let users opt to get strong warnings if the notary results are inconsistent, even for certificates trusted by the browser. Email from user: > Would you consider including some sort...
The idea being that a quorum duration of 0 for a site which notaries do not have any past information on is less suspicious than a quorum duration of 0...
The existing whitelisting functionality does not support the scenario where you do not want to contact notaries for a set of sites, but you also do not want to automatically...