it doesn't have to be turned on after you finish signing certs until its time to sign another batch...
To be fair, with OCSP you need something that's online all the time your certificates are used. But unless you have hundreds of peoples checking your certificates simultaneously, any low-end contraption can handle it.
Are you connecting to that self signed cert that is university owned or that self-signed cert that is setup by my evil laptop on the wifi network?
[...]
With BYOD you simply cannot use a self-signed certificates. Your potential attack surface than increases.
That's why the previous poster said "Or the college provides an easy way for the BYOD people to acquire the college's cert."
You don't have to trust any self-signed certificate that the web server throws at you. You go to the official, public website of your uni/work/whatever (or to the IT dept. if they want to do this by hand), and grab the CA cert there. You trust this website, it can have a regular certificate issued by any public authority, and using this newly downloaded cert. as a CA, you can safely connect to anything your workplace have in it's private network.
The only hindrance is that the users have to install this certificate once. Through easy GUI.
I'm more curious about why "different computer draws the image slightly differently".
Slight rounding differences, shape edge antialiasing behavior, font antialiasing behavior, installed fonts, and the like are the big ones I can think of. HTML5 Canvas behavior isn't specified down to the bit level.
Maybe it should. Providing an API and saying "it kinda work like this, most of the time, your mileage may vary" doesn't sound very good.
yes, but, there is so much layers that are supposed to smooth the hardware difference:
Now, I perfectly understand why neither the browser, the OS API, and the driver would bother to provide perfect results: we're trading performances for accuracy. After all, if I draw my circle with 0.1 pixel of error, it will look good because of antialiasing. But I still think that software results that are independant of external input should not vary from one hardware to another. There is only one good output for a deterministic software function when always providing the same input.
Imagine the horror if different processors would return different values when computing 1/0.999 just because they have different hardware (oh wait, this one kinda happened
So you think that money is the root of all evil. Have you ever asked what is the root of money? -- Ayn Rand