On 10/24/13 11:45 AM, Eddy Nigg wrote:
On 10/24/2013 08:01 PM, From Kathleen Wilson:
For EV certs Firefox has always checked the CRL when the OCSP AIA URI
was not provided. EV treatment would not be given if current
revocation information was not obtained.
If Firefox really uses the CRLDP, then I suggest to keep that option
still open .... meaning if no stapled OCSP response, use the normal
pointers and if that fails use CRL. Remove EV (and the "secure" UI
indicators if you want from any other certificate) when certificate
status can't be verified.
Please feel free to comment in bug #585122.
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
