Duane wrote:
> Alaric Dailey wrote:
>
>> Not to take this discussion too far off track, but why would the user
>> trust a proxied verification of the cert they are trying to verify?
>
> All OCSP requests are signed by a CA, there was some discussion on this
> in the past and the OCSP proxy standard simply requests the OCSP
> response from the website instead of going to the CA directly, all OCSP
> responses have a limited lifetime and so there should be no problem
> that I can think of with this.
>
> And the reason for this is privacy of the user, do you really want
> Google (if they became a popular CA) or other companies collecting data
> on your browsing habits?

Doh!

Didn't think about the fact that it was signed (not even sure if I knew that, though it makes perfect sense). I wasn't contesting the protection of privacy, the more protection that can be done, the better!

<http://cert.startcom.org/?app=109>
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
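
The point made in the quoted reply above (a CA-signed, time-limited status can be relayed by the website without the client having to trust the website), as an added example that is not part of the original thread. It is a simplified model using an Ed25519 signature over JSON rather than real OCSP ASN.1 encoding; the function names, serial numbers and timestamps are constructed assumptions.

```javascript
// Simplified model of a relayed OCSP response. NOT real OCSP encoding.
// Serials, timestamps and function names are constructed for illustration.
const crypto = require('node:crypto');

// The CA's status-signing key pair; clients only ever hold the public half.
const ca = crypto.generateKeyPairSync('ed25519');

// CA side: sign a status statement with a bounded validity window.
function issueStatus(serial, status, thisUpdate, nextUpdate) {
  const body = JSON.stringify({ serial, status, thisUpdate, nextUpdate });
  const signature = crypto.sign(null, Buffer.from(body), ca.privateKey).toString('base64');
  return { body, signature };
}

// Client side: the response may arrive from the website instead of the CA.
// It is trusted only if the CA signature verifies, it names the certificate
// being checked, and the current time falls inside its validity window.
function checkRelayedStatus(resp, expectedSerial, caPublicKey, now) {
  const sigOk = crypto.verify(null, Buffer.from(resp.body), caPublicKey,
    Buffer.from(resp.signature, 'base64'));
  if (!sigOk) return 'reject: bad signature';
  const s = JSON.parse(resp.body); // parsed only after the signature checks out
  if (s.serial !== expectedSerial) return 'reject: wrong certificate';
  if (now < s.thisUpdate || now > s.nextUpdate) return 'reject: outside validity window';
  return s.status === 'good' ? 'accept' : 'reject: certificate ' + s.status;
}

// Constructed scenario; times are seconds since the epoch.
const T0 = 1700000000;
const DAY = 86400;
const fresh = issueStatus('0A1B', 'good', T0, T0 + 4 * DAY);
const revoked = issueStatus('0A1B', 'revoked', T0, T0 + 4 * DAY);
// A relaying site that rewrites the signed body cannot repair the signature.
const tampered = { body: revoked.body.replace('revoked', 'good'), signature: revoked.signature };

function demo() {
  return {
    relayedFresh: checkRelayedStatus(fresh, '0A1B', ca.publicKey, T0 + DAY),
    relayedRevoked: checkRelayedStatus(revoked, '0A1B', ca.publicKey, T0 + DAY),
    relayedTampered: checkRelayedStatus(tampered, '0A1B', ca.publicKey, T0 + DAY),
    relayedStale: checkRelayedStatus(fresh, '0A1B', ca.publicKey, T0 + 5 * DAY),
    otherCert: checkRelayedStatus(fresh, '0C2D', ca.publicKey, T0 + DAY),
  };
}

console.log(demo());
```

A relayed response that is still inside its window is accepted even if the certificate was revoked after the response was issued, so the length of the validity window bounds that exposure.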
