On Mon, Oct 28, 2013 at 12:27 PM, Stephen Davidson
<s.david...@quovadisglobal.com> wrote:
> Virtually every CA relying party agreement (RPA) that I know stipulates that 
> a user must validate the SSL using CRL or OCSP in order to place any reliance 
> on the certificate.
>
> Removal of that capability from browsers renders those RPAs useless, and 
> effectively removes warranties from the SSL sector.

Aren't these RPAs already useless?

Anyway, AFAICT Mozilla didn't agree to any RPA agreement with any CA.
Also, our users have not agreed to any such agreements. Perhaps it is
worthwhile to clarify this by forbidding such requirements on relying
parties as part of our CA policy.

Cheers,
Brian
-- 
Mozilla Networking/Crypto/Security (Necko/NSS/PSM)
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
