Forum Discussion

1 Reply

  • They do this.  When you have that much browser marketshare, standards are suggestions.  Member when Chrome quietly dropped secp521r1 and broke a TON of internal CAs?  It might not have been in any NIST recommended ciphers but damn, it doesn't mean it's not in use.

    The issue with this is for internal and CA's that might not be fully automated now have to drop other balls to make sure that users using Chrome don't go high and dry.

    I get it, I get the need, but it's akin to forcing longer passwords. Benefit to practical risk of not having 90 day certs?