Certs should be checked against a CRL and CT for revocation, and expired certs s... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		freeone3000 on July 15, 2024 \| parent \| context \| favorite \| on: The six dumbest ideas in computer security (2005) Certs should be checked against a CRL and CT for revocation, and expired certs should never be accepted, for this reason among others.

bawolff on July 16, 2024 [–]

CT isn't used for revocation. CRLs aren't really a thing in practise. Refusing to accept expired certs is important for other reasons but won't save you from a reused ECDSA nonce.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact