Eddy Nigg (StartCom Ltd.) wrote:
> manually. OCSP is turned _off_ by default, I think. An improvement would
> be to use the CRL distribution points identifier and import the CRL
> automatically.

Actually this wouldn't be an improvement, and there are various reasons why CRLs were replaced with OCSP, and OCSP revocation checks should be turned on by default, although I'd be more interested to see OCSP proxying by the website implemented to protect end user privacy.

--
Best regards,
Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP

"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
