I wouldn't be worried about a browser rejecting a cert that doesn't
comply. Instead, I'd be worried about a qualified audit showing
non-compliance. Although Mozilla might not care about that particular
non-compliance, other browsers and partners might.
Jeremy
On 9/22/2014 8:36 AM, Gervase Markham wrote:
On 17/09/14 08:34, Kurt Roeckx wrote:
A browser could perfectly reject a certificate that doesn't comply with
the BR because the required OCSP URI is missing.
It could. If such browsers existed, I agree it would have a negative
effect on the likelihood of success of a short-lived certs plan. But I
do not know of any such browsers. Do you?
Gerv
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
