30 Aug
2019
30 Aug
'19
10:29 p.m.
There is still too much money in the CA business.
well, though on the surface i agree, i do not take it as a motivation to add one more chunk of sysadmin.
Which is the reason why no major browser does TLSA validation.
well. there is the extra protocol turn. agl tried and backed off, seemingly because of that. but, if we want to encourage tlsa, recommended values for the three lovely but obscure (after all, it is the dns) parameters. victor whacked me into using 211 with let's encrypt certs. randy