Notices by Fiona :heart_trans: (airtower@queer.af)

@mcc @megmac Or B.h uses a symbol declared in A.h but doesn't explicitly include it. If you include A.h then B.h it works, if you include B.h first you get implicit declarations and things break in weird ways.

@mcc That one makes me think of Odysseus and the cyclops. :meowSweat:

@2ndStar Zum Thema Prioritäten gibt's ein #xkcd… :catThink: https://xkcd.com/1613/

@natty 🍕 :blobcat_mlem:

Is there no-one on the Chromium team who knows about #OCSP stapling? Or does Google not like having to keep OCSP responses for stapling in their servers? https://www.chromium.org/Home/chromium-security/root-ca-policy/moving-forward-together/

They say they want to reduce #TLS certificate lifetimes because there's no good revocation mechanism, and all the problems they mention could be solved by strictly requiring stapling with the TLS feature extension in certificates (using RFC 7633). Stapling doesn't place a huge burden on CAs (because only the server using a certificate has to update its cached response now and then), it doesn't expose client behavior to CAs (because clients only need to talk to servers they want to talk to), and if stapling is required by the certificate it fails closed in case of revocation as soon as the last positive response expires (currently CAs usually issue responses with a lifetime of about a week, but that could be reduced easily).

Shorter certificate lifetimes aren't necessarily a bad thing, but the reasoning doesn't make sense.