Frank Hecker wrote: > This sounds reasonable at first glance, but I admit to being a bit leary > about adopting such a policy. If we generalized this to something like > "Mozilla should NOT approve for inclusion any certs for root CAs that > rely on features not implemented in NSS", then, for example, it seems we > would never approve any CAs that provide CRLs for EE cert revocation > checking but not OCSP, given that NSS doesn't currently implement CRL > checking by default. > LOL! That's a good one...
...but it's also a said issue. As I understood from Nelson, this has something to do with some patents, so even I think it to be outright ridiculous, how following a URI for fetching a file can be patented. This is perhaps the greatest shortcoming of NSS up to date. -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
