On 04/01/12 00:59, Brian Smith wrote:
> 5. libpkix has better AIA/CRL fetching:
> 5.a. libpkix can fetch revocation information for every cert in a chain. The non-libpkix validation cannot (right?).
> 5.b. libpkix can (in theory) fetch using LDAP in addition to HTTP. non-libpkix validation cannot.

5b) is not a significant advantage; everything CABForum is doing requires HTTP access to revocation information, as many SSL clients don't have LDAP capabilities.

Gerv
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto