Hi Tim, On 23/07/14 21:22, Tim Moses wrote: > Colleagues - I would like to advance the Browser Behaviour draft ... > > http://datatracker.ietf.org/doc/draft-wilson-wpkops-browser-processing/ > > ... to WG draft.
This document (helpfully) states: "This document reviews some of the certificate-processing features of the following cryptolibraries: Network Security Services (NSS), in two code sets, Classic (NSS-Classic) and PKIX (NSS-PKIX); ..." However, as of two days ago, with the release of Firefox 31, Firefox switched to using mozilla::pkix for certificate verification: https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/ https://www.mozilla.org/en-US/firefox/31.0/releasenotes/ You will need to decide whether to hold the document while you update it to take account of any changes. I can tell you that mozilla::pkix also does not do AIA chasing. "and most end users can manually add or remove root certificates" Is that a statement about opportunity or capability? :-) Perhaps better as: "most user agents give end users the opportunity to add or remove root certificates". Gerv _______________________________________________ wpkops mailing list [email protected] https://www.ietf.org/mailman/listinfo/wpkops
