Matthew McPherrin

Results 134 comments of Matthew McPherrin

AWS' "s3-website" feature doesn't support IPv6. You could try to access the bucket directly via the S3 "dual-stack" endpoints which support IPv6

```
deb https://s3.dualstack.eu-central-1.amazonaws.com/repo.aptly.info/ squeeze main
```

I don't know how...

For the aptly maintainers, one option here is to configure CloudFront with an S3 backend, which I believe would also reduce your bandwidth costs. Happy to chat privately/offline about AWS...

Let's Encrypt has added validation that the spans are inside the expected range for us (more than 6 months, less than 8 months). Supporting the range from Chrome's policy seems...

One thing I was considering was that we could prioritize "old" entries behind new ones in some way, so we can fill the pool each sequencing operation, and only drop...

Speaking only for Let's Encrypt and our CT implementation: We time out and try another log after 2 seconds. Ideally logs wouldn't come too close to that, so we're not...

My personal opinion is that the entropy requirements on serial numbers are a defense against bad hash functions, and we've more directly solved that already by removing SHA-1 and MD-5...

One more thing we see repeatedly in some WebPKI incidents is CAs not understanding the requirements, and assuming the linters will tell them if they're doing something wrong. Besides the...

> There's no reason to be generating serials this close to the limit anyway

I don't really buy this argument. I think it is valid to use exactly 64-bit random...

Explicit curve parameters aren’t supported by the Golang x509 parser. RFC 5280 also doesn’t allow them. I think it is unlikely Zlint will add support for them. Is there a...

Can you expand on that any further? This is an effectively obsolete and unsupported feature, so I think it would be a big change to support it. Is there some...