<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body dir="auto"><div dir="auto">They revoked their revocation plans?</div><div dir="auto">Irony is not dead.</div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><br></div><div id="composer_signature" dir="auto"><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><div style="font-size:85%;color:#575757">Sent from my Samsung device running Android (basically Linux in drag)</div></div><div dir="auto"><br></div><div><br></div><div style="font-size:100%;color:#000000" dir="auto"><!-- originalMessage --><div>-------- Original message --------</div><div>From: CrankyOldBugger <crankyoldbugger@gmail.com> </div><div>Date: 2020-03-05 13:40 (GMT-05:00) </div><div>To: KWLUG discussion <kwlug-disc@kwlug.org>, Kitchener Waterloo Cryptography Interest Group <KWCrypto@kornbluth.sobac.com> </div><div>Subject: Re: [kwlug-disc] Let's Encrypt revoking all certificates tomorrow </div><div><br></div></div><div dir="ltr"><div>And now another change to the plan... they're delaying the revocation:</div><div><br></div><div><a href="https://arstechnica.com/information-technology/2020/03/lets-encrypt-holds-off-on-revocation-of-certificates/">https://arstechnica.com/information-technology/2020/03/lets-encrypt-holds-off-on-revocation-of-certificates/</a></div><div><br></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 3 Mar 2020 at 22:13, Jeff Smith <<a href="mailto:crankyoldbugger@gmail.com">crankyoldbugger@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">My initial information was incorrect.. seems that we're only talking a <br>
small percentage of the certificates are going to be revoked. Still, <br>
it's something to watch out for...<br>
<br>
<br>
<br>
On 2020-03-03 1:39 p.m., Mikalai Birukou via kwlug-disc wrote:<br>
> Thank you for sharing this.<br>
><br>
> My understanding, from reading this and checks of my domains is that <br>
> only those certs affected that where issued for multiple domains (one <br>
> cert for several domains).<br>
><br>
> My context. I used to have multi-domain certs for TLS-ing web servers. <br>
> No longer. Relying now on SNI checks. They exist in haproxy <br>
> explicitly, and nginx does SNI checks implicitly. And certbot will <br>
> patiently work with however many different certs you have -- again no <br>
> need for multi-domain certs.<br>
><br>
> On 2020-03-03 1:11 p.m., CrankyOldBugger wrote:<br>
>><br>
>> <a href="https://www.cyberciti.biz/security/letsencrypt-is-revoking-certificates-on-march-4/" rel="noreferrer" target="_blank">https://www.cyberciti.biz/security/letsencrypt-is-revoking-certificates-on-march-4/</a> <br>
>><br>
>><br>
>> Apparently they found a bug so they're revoking all affected <br>
>> certificates.<br>
>><br>
><br>
><br>
> _______________________________________________<br>
> kwlug-disc mailing list<br>
> <a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a><br>
> <a href="https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</a><br>
</blockquote></div>
</body></html>