(I digress, but) A status like that would be useless. If you know a certificate will be revoked soon, it's already untrusted.
(This is partially why I have mixed feelings about ARI.)
2 Likes
Yeah, the almost-revoked status is kind of weird. A lot of things really depend on the reason for the revocation. There's some line between "not quite all the i's were dotted so the rules say we need to revoke but there isn't actually a problem relying on the cert" and "nobody should trust this cert for anything" but technologically there's just "is it revoked?", and potentially with ARI "will it be revoked soon". But it's not like you can just present all the facts to the user to have them make an informed choice about trusting a certificate either, in a lot of cases.
3 Likes
I understood the field was a "renew on this date" field, which can of course be edited to "right now" -- not an "almost revoked" flag.
3 Likes
I know that a feature of LE is that they try to be as transparent as possible, but I think that might be a bit too much organizational transparency at one time! 
As a consequence of being in grad school for community development, I've learned a lot about the structure of nonprofits, how they are organized, and how they make decisions about what operations to prioritize. Judging from how things went last week and this week, there is only so much time they can commit to doing things like researching payment processing options or determining exactly what the baseline should be for number of certificates processed per milisecondâwhich is exactly what they'd have to do in order to implement two of the suggestions in this thread. From what I inferred of the updates from the LE staff in the Incident threads, they were tap-dancing very furiously indeed.
However, I do agree that this has probably veered into different-topic areas and I've helped steer it there.
4 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.