Gervase Markham wrote: > On 04/01/12 00:59, Brian Smith wrote: > > 5. libpkix has better AIA/CRL fetching: 5.a. libpkix can fetch > > revocation information for every cert in a chain. The non-libpkix > > validation cannot (right?). 5.b. libpkix can (in theory) fetch > > using > > LDAP in addition to HTTP. non-libpkix validation cannot. > > 5b) is not a significant advantage; everything CABForum is doing > requires HTTP access to revocation information, as many SSL clients > don't have LDAP capabilities.
That is true for Firefox, but the LDAP code might be(come) useful for Thunderbird. I don't know how well tested it is or even if it works, though. - Brian -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
