Bryan Davis wrote:
The HTTPS tag (<https://phabricator.wikimedia.org/project/profile/162/>)
and the Traffic component
(<https://phabricator.wikimedia.org/project/profile/1201/>) would both
seem reasonable.
Thanks Brian, will do. I'm working on a fail-over method which won't
allow the kind of MITM attacks which WhatsApp is vulnerable to under
default settings. In the mean time, the White House web site
apparently has a certificate which was working last week but now
indicates it was revoked last May:
https://crt.sh/?q=60a5d3648459f4eb88700db0d08cda7f6139359c
Would it be a good idea to have HTTP ready to go in case HTTPS becomes unstable?
On Mon, Jan 30, 2017 at 10:06 AM, James Salsman <jsalsman(a)gmail.com> wrote:
I have been informed off-list that the answer to my
question is no,
and asked to open a phabricator task to allow for fail-over alternate
certificate utilization in the case of revocations via OCSP or
revocation list-based revocation.
I am strongly in favor of doing so, but I don't know how to categorize
such a task or the group to assign it to. Any ideas?
On Sun, Jan 29, 2017 at 8:32 PM, James Salsman <jsalsman(a)gmail.com> wrote:
> Are Foundation servers able to withstand Online Certificate Status
> Protocol certificate revocations, such as might occur according to RFC
> 5280 when a government agency declares a private key compromised
> because of secret evidence?