Hi Sean, thanks for the additional information on the topic.

(I already found a few discussions on the web where this feature/extension
was not liked very much.)

Best regards, Matthias

>The comment is somewhat incorrect as I believe it's more for security 
>reasons. We don't necessarily want to make an outbound network request 
>w/o the user or application enabling that by setting a system property. 
>Plus, AIA fetching of the certificate issuer's certificate occurs 
>*before* the certificate has been validated (since it requires the CA's 
>public key to verify the signature on the certificate), so the AIA URL 
>has not been validated beforehand. That may not introduce any security 
>issues, but it still makes sense to not enable this by default in my 
>opinion.

 
