Alaric Dailey wrote:
> Not to take this discussion too far off track, but why would the user
> trust a proxied verification of the cert they are trying to verify?

All OCSP requests are signed by a CA. There was some discussion on this in the past, and the OCSP proxy standard simply requests the OCSP response from the website instead of going to the CA directly. All OCSP responses have a limited lifetime, and so there should be no problem that I can think of with this.

And the reason for this is privacy of the user: do you really want Google (if they became a popular CA) or other companies collecting data on your browsing habits?

--
Best regards,
Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP

"In the long run the pessimist may be proved right, but the optimist has a better time on the trip."
