Hi Duane, Agreed. If a CA indicates via an AIA that OCSP services are available then it better ensure things are working correctly.
Alex > -----Original Message----- > From: Duane [mailto:[EMAIL PROTECTED] > Sent: Monday, February 09, 2004 7:41 PM > To: [EMAIL PROTECTED] > Subject: Re: On turning CRL and OCSP checking on by default. > > > > > It would be nice, but I wonder how many users would > complain about all > > the sites not working ... A lot of OCSP servers have been > incorrectly > > (and that includes Verisign's). I think the option should be off by > > default for clients, certainly for CRLs, which get very > large and are > > not suitable from most clients at low bandwidth under any > circumstances. > > with OCSP, shouldn't the CAs have some quality assurance to fix these > kinds of problems in a timely manner, I'm sure this is > possibly under the > wrong thread, but this relates back to the pre/post CA > checks... or at > least I percieve it to... > _______________________________________________ > mozilla-crypto mailing list > [EMAIL PROTECTED] > http://mail.mozilla.org/listinfo/mozilla-> crypto > _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto