I think mozilla will turn OCSP back on by default in some forthcoming release. Maybe soon, who knows?
There has been discussions else where on this issue, basically at present it would be very difficult to stop any maliciously signed code from propagating unless things could be quickly nipped in the bud via OCSP, I see this reason alone as one reason why it should most definitely be turned on by default, and possibly enforce it regardless for any CAs issuing code signing certificates...
-- Best regards, Duane
http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://happysnapper.com.au - Sell your photos over the net! _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
