Michael Catanzaro commented: https://gitlab.com/gnutls/gnutls/-/issues/1771#note_2945874272 One comment on your blog post: > There is only one technical workaround we can implement without severely > compromising security: including the cross-signed intermediate certificate > directly in the root store. However, I do not anticipate shipping such a > change before early February. I doubt that the affected service providers > will remain broken until then; they will likely fix the issue on their end, > which is the correct solution anyway. In practice, we know that websites generally only care about whether major browsers accept the chain. We know that both Firefox and Chrome accept this chain. If it's also accepted by Safari, then probably websites will not make any changes. (If Safari rejects the chain, then most websites will probably eventually notice and fix it.) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1771#note_2945874272 You're receiving this email because of your account on gitlab.com.
_______________________________________________ Gnutls-devel mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-devel
