Now that I have the OCSP responder stuff working, I started playing around with how firefox uses the AIA records. In the end entity certificates, I have setup AIA that lists three OCSP responders, namely: Not Critical OCSP: URI: http://server1:9000 OCSP: URI: http://server2:9000 OCSP: URI: http://server3:9000
I have noticed that firefox seems to only try the last responder. If that responder is not available or does not respond then should firefox pick one of the other responders and try it? Should this process continue until it gets a response from one of the responders or until it has exhausted the list of responders? Thanks, Bruce _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
