1. Mcdonalds is 'normalized'. Everybody knows you can get a double quarter pounder at mcdonalds.
Christanity is not noticed. The public rarely knows the content of the faith it rejects. And the point is reinforced by the complete lack of knowledge about what it is and how pride might impact it, in this conversation.
2. "Normalization" and "oppression" are not words that mean what I'm talking about.
Christianity is "unknown" to the public and the LGBT politicians turn a blind eye to people they don't want to relate to. They are tripping over landmines they don't see. I pointed this out and was met with the same old desire to flee from relating to Christianity,
as we see from lgbtq activists all the time.
Not everybody thinks pride is a good thing nor that it should be shoved in their face, thinking that media spam is going to result in political conversions is hopelessly naive to how faith functions, what christianity is and without mutual knowledge of one another's worldview, it'll never be resolved in love.
I would argue that practitioners of the faith rarely know the content of the faith they practice. Hence the extreme anti-LGBT stance pushed in their politics and preferred media, despite the conspicuous lack of relevant scripture.
And this extremity is definitely something LGBT folks see all the time. Their states are passing laws banning them from sports and bathrooms. LGBT issues can no longer be mentioned in their schools. So don't play the pity card when Christians behave like monsters, and the non-Christian world responds in kind.
I finished my onsites with a FAANG company. Recruiter comes back to me and says every interviewer gave you the green light but the hiring committee wants another interview with these specific questions asked.
By this point I had already spent 8 hours with them. Told them to beat it and stop wasting my time.
It's ridiculous how disrespectful these companies are to our time.
AFAIK, nobody has suggested removal of OCSP from end-entity certificates. This article you linked (and the comment you wrote) is purely about removal from intermediate CA certificates.
The majority of OCSP traffic will probably be for end-entity certificates; most OCSP validation (in browsers and cryptographic libraries) is end-entity validation, not leaf-and-chain.
Removal of intermediate CA's OCSP is probably not really relevant to their overall OCSP performance numbers (and if it was, it was likely cached already).
There's an argument for not doing OCSP on end-entity certificates if you can approach the lifetime for the certificates that you'd realistically need for OCSP responses anyway.
Suppose you promise to issue OCSP revocations within 48 hours if it's urgent, and your OCSP responses are valid for 48 hours. That means after a problem happens OCSP revocation takes up to 96 hours to be effective.
If you only issue certificates with lifetimes of 96 hours then OCSP didn't add anything valuable - the certificates expire before they can effectively be revoked anyway.
Let's Encrypt is much closer to this idea (90 days) than many issuers were when it started (offering typically 1-3 years) but not quite close enough to argue revocation isn't valuable. However, the automation Let's Encrypt strongly encourages makes shortening lifetimes practical. Many of us have Let's Encrypt certs automated enough that if they renewed every 48 hours instead of every 60 days we'd barely care.
The solution to excessive OCSP traffic and privacy risk is supposed to be OCSP stapling instead, but TLS servers that can't get stapling right are still ridiculously popular so that hasn't gone so well.
I'm not sure, e.g. Chrome doesn't do OCSP by default, lots of embedded clients like curl won't either. Unless the protocol is terribly broken, that also seems like the kind of use case where 99% of queries just come out of cache and should never hit a database.
Let's Encrypt still has to publish OCSP responses for every non-expired leaf certificate, at least in time that you can always get a new OCSP response before the previous one expires. In practice they have a tighter schedule so that there's a period between "We are not meeting our self-imposed deadline" and "The Internet broke, oops" in which staff can figure out the problem and fix it.
To do this they automatically generate and sign OCSP responses (the vast majority of which will just say the certificate is still good) on a periodic cycle, and then they deliver them in bulk to a CDN. The CDN is who your client (or server if you do OCSP stapling, which you ideally should) talks to when checking OCSP.
To generate those responses they need a way (hey, a database) to get the set of all certificates which have not yet expired and whether those certificates are revoked or not.
2. Am I reading this right? You think LGBT people and pride is oppressing people more than Christianity?