Duane wrote: > Eddy Nigg (StartCom Ltd.) wrote: > > >> manually. OCSP is turned _off_ by default, I think. An improvement would >> be to use the CRL distribution points identifier and import the CRL >> automatic. >> > > Actually this wouldn't be an improvement and there is various reason why > CRLs were replaced with OCSP, and OCSP revocation checks should be > turned on by default, although I'd be more interested to see OCSP > proxying by the website implemented to protect end user privacy. > > Not to take this discussion to far off track, but why would the user trust a proxied verification of the cert they are trying to verify? Something else should be done about that. <http://cert.startcom.org/?app=109> _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
- Re: Extended Validation Certificates Robert Sayre
- Re: Extended Validation Certificates Duane
- Re: Extended Validation Certificates Ka-Ping Yee
- Re: Extended Validation Certificates Ka-Ping Yee
- Re: Extended Validation Certificates Eddy Nigg (StartCom Ltd.)
- Re: Extended Validation Certificates Robert Sayre
- Re: Extended Validation Certificates Eddy Nigg (StartCom Ltd.)
- Re: Extended Validation Certificates Ka-Ping Yee
- Re: Extended Validation Certificates Eddy Nigg (StartCom Ltd.)
- Re: Extended Validation Certificates Duane
- Re: Extended Validation Certificates Alaric Dailey
- Re: Extended Validation Certificates Eddy Nigg (StartCom Ltd.)
- Re: Extended Validation Certificates Duane
- Re: Extended Validation Certificates Alaric Dailey
- OCSP relaying (was Re: Extended Validation Certi... Philipp Gühring
- Re: Extended Validation Certificates Gervase Markham
- Re: Extended Validation Certificates Duane
- Re: Extended Validation Certificates Duane
- Re: Extended Validation Certificates Heikki Toivonen
- Re: Extended Validation Certificates Gervase Markham
- Re: Extended Validation Certificates Gervase Markham
