It would be nice, but I wonder how many users would complain about all the sites not working ... A lot of OCSP servers have been incorrectly (and that includes Verisign's). I think the option should be off by default for clients, certainly for CRLs, which get very large and are not suitable for most clients at low bandwidth under any circumstances.
With OCSP, shouldn't the CAs have some quality assurance to fix these kinds of problems in a timely manner? I'm sure this is possibly under the wrong thread, but this relates back to the pre/post CA checks... or at least I perceive it to...
_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto
