mirror of
https://git.sr.ht/~seirdy/seirdy.one
synced 2024-12-24 01:42:10 +00:00
typo
This commit is contained in:
parent
5c4046d867
commit
bd5c7aef97
1 changed files with 1 additions and 1 deletions
|
@ -307,7 +307,7 @@ Today, Certificate Authority Authorization (<abbr>CAA</abbr>) DNS records restri
|
|||
- Restrict issuance to short-lived certificates.
|
||||
- Restrict approved delegates for delegated credentials.
|
||||
|
||||
With the first extension, an attacker who triggers a misissuance would compromise it for a few days or hours months. The second extension limits the potential for rogue delegates to serve traffic on behalf of an <abbr>IdO</abbr>.
|
||||
With the first extension, an attacker who triggers a misissuance would compromise it for a few days or hours rather than months. The second extension limits the potential for rogue delegates to serve traffic on behalf of an <abbr>IdO</abbr>.
|
||||
|
||||
I want to see the protections offered by Expect-Staple preloading for short-lived certificates. HTTPS Resource Records (<abbr>RRs</abbr>) or client-side preload lists can proactively tell clients to distrust any long-lived certificate for a domain.[^12]
|
||||
|
||||
|
|
Loading…
Reference in a new issue