On 17/09/14 08:34, Kurt Roeckx wrote: > A browser could perfectly reject a certificate that doesn't comply with > the BR because the required OCSP URI is missing.
It could. If such browsers existed, I agree it would have a negative effect on the likelihood of success of a short-lived certs plan. But I do not know of any such browsers. Do you? Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy