Prepare TLSA rollover tools
Currently tools are able to publish TLSA, but this does not allow rollovers.
We need to upgrade the process/script to publish the new records while keeping the previous records a certain time. Which means we need to memoize when it was published, and have some automated way of removing the old one.
In this process we need to pre-publish, which means install the new certificate later. So we need to act in advance before the previous one expire.
#1 Updated by Marc Dequènes almost 2 years ago
- Priority changed from High to Normal
So maybe some hope in the MOSS project for Firefox, but not for today.
I'm then lowering the priority of this BR.