Ian Denhardt

(Fwiw, this was on my shortlist of things to work on anyway; I have several grains that I would like to delete from my own grain list but can't because...

Had some other thoughts re: what to do for role assignment of the original owner: * My first thought was that we could have ownership transfer require confirmation from the...

(It is especially problematic if the server enforces quotas: here, you pay for this).

Quoting Jacob Weisz (2021-09-20 02:40:10) > Or even just using it as a way to transfer spam into their grain list... I mean, even this much is theoretically already a...

+1. Some design questions to figure out: - What happens if a user decides to re-purpose the domain? Should we set a short-ish max-age by default so as to avoid...

I think 5 years is optimistic for fixing the problems with PKI :P :/ But in any case, I think it makes sense to ignore "HTTPS stops being a thing"...

Hm, what if rather than just setting a "short" max-age, we set one that was equal to the cert's expiration date? This would guarantee that the current cert could continue...

Quoting Jacob Weisz (2021-10-23 15:45:41) > Click-through should work fine for Sandstorm if you're going into the > admin panel to fix your cert, shouldn't it? No, the whole UI...

I'm not inclined to worry about clock skew. Re: CLI: someday I'd like to have a "sandstorm distro" and be in a situation where you can just buy a sandstorm...

@ocdtrekkie, are you strongly opposed to a flat 30 day expiration? Looking at the code, it would be a *lot* less work than trying to plumb the cert expiration date...