DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41123>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41123 ------- Additional Comments From [EMAIL PROTECTED] 2007-11-15 07:19 ------- (In reply to comment #27) > - removed addition of SSLForceValidation, which is orthogonal to basic OCSP This is a very important feature (also for other validation mechanisms, like CRL or, maybe in the future LDAP). Without that, the administrator cannot decide what to do when no validation mechanism is available (OCSp responder not available, or CRL files not up to date). Depending on the server security level, the implementation will either be seen as conatining a security hole (the cert is accepted although it is invalid), or it will be considered as too strict (blocking valid users because of third party infrastsucture problems). This is a feature that we see as crucial for most of the application owners. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
