Ka-Ping Yee wrote:
But if certificate revocation is going to work, doesn't it have to be implemented by the browser? Couldn't there be a role for Mozilla to play here?
There are two ways of doing certificate revocation, OCSP and CRLs. However, both mean the browser contacts the CA to determine which certificates have been revoked.
OCSP, the real-time checking service, is mandatory for end-entity certificates in EV.
Gerv _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
