On 04/09/14 14:18, Rob Stradling wrote:
> Today, if an end-entity cert contains no AIA->OCSP URL and the server
> sends no stapled OCSP response, it's a violation of the BRs. I wonder
> if any clients out there would reject the cert in this situation? (I
> suspect not, but it's something to watch out for).

I'm not aware of any browser which enforces the presence of revocation information, but if such a browser existed, that would of course affect the viability of the option of updating the BRs to not require revocation information for short-lived certs.

Gerv
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy