On 11/02/2013 12:32 AM, From [email protected]:
So if this really is the case, it seems to me that this constitutes a zero day vulnerability in Firefox. I don't mean to sound alarmist but...???
It's not since it's always been like this and one of the reasons CAs must provide OCSP revocation capability. It would be however /nice/ to have a CRL fallback...
-- Regards Signer: Eddy Nigg, StartCom Ltd. XMPP: [email protected] Blog: http://blog.startcom.org/ Twitter: http://twitter.com/eddy_nigg _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
