undefined | Better HN

0 pointslondons_explore1y ago0 comments

> No, because the CAA record only has to be in place at the time of issuance, rather than the whole lifetime of the certificate.

could we change this? Ie. if the CAA record disappears, it would be a reason to revoke a certificate?

Then 3rd parties could scan transparency logs and CAA records and flag discrepancies.

0 comments

It would be possible to change, though that would be a pretty big change.

Personally I think this is another good argument for short lived certificates and reducing reliance on revocation systems.

j / k navigate · click thread line to collapse

It would be possible to change, though that would be a pretty big change.

Personally I think this is another good argument for short lived certificates and reducing reliance on revocation systems.

j / k navigate · click thread line to collapse