(no title)

Recently this came up in discussion with a software developer who was overly concerned with openssl certificate minutiae. I advised the only durable solution for his concerns is a method to change the entire implementation, not only the certs.