On 8/16/19 9:40 PM, Jake Visser wrote:
Much like HSTS, Expect-CT is starting to be deployed too (this replaces certificate pinning). https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
This will prevent users from accessing sites that are signed by a certificate that does not appear in the public transparency logs…
From reading the draft, it looks like adding a root cert will still allow overriding this. Is that not what 2.4.1 speaks of in there? I'll admit I'm not up on the newest SSL standards.
The best option – if this is truly to be used for emergency communications – is to try the proposed FCC path.
I would say we not try that. The FCC rules can be interpreted a number of different ways now; it's likely if we ask for clarification they may do so in a way making this all a violation. Right now the FCC rules are moot on encryption; the word doesn't appear in part 97 at all.

--
Bryan Fields
727-409-1194 - Voice
http://bryanfields.net