SSL and TLS are broken in many exciting ways. I’m just going to focus on one of these: revocation.
Certificate authorities (‘CAs’) tend to issue certificates with fairly long validity periods — a year is common. What do they do if they find that a certificate is bad before the year is up?