Andrews, Rick:
I hope I'm sending this to the right group. Can someone describe for me (or point me to documentation) how Firefox 1, 2, and 3 handle revocation checking, in terms of CRLs and OCSP? What I'm interested in is:
- whether revocation checking is turned on by default
OCSP checking is turned on by default in FF3 provided that a corresponding AIA OCSP URI exists in the certificate.
- whether CRL checking can be enabled but only for certain CRLs and CAs
No, CRL checking is only enabled for the CRLs you import manually.
- whether FF can be told to follow the CDP or AIA extension in the cert
Not for CDP, yes for AIA.
- any other wrinkles
I think that some support for CDP is being added or has been added lately. However I'm not 100% sure if this is the case and if that patch has landed.
I'm running FF2 now and I can see what options are there
No, anything below FF3 certainly doesn't support CDP and OCSP by default. In FF2 you may enable OCSP checking.
Any help would be appreciated. Thanks,
Hope this helps...
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
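Added example, not part of the original e-mail and not Mozilla's code: the reply above says FF3 does OCSP checking by default only when the certificate carries an AIA OCSP URI, so this sketch parses the DER value of an Authority Information Access extension and returns the OCSP responder URIs it contains. It assumes the extension value has already been extracted from the certificate; the helper names and sample bytes are constructed for illustration.

```python
# Added example: helper names and sample bytes are constructed for illustration.
OID_OCSP = bytes.fromhex("2b06010505073001")        # id-ad-ocsp 1.3.6.1.5.5.7.48.1
OID_CA_ISSUERS = bytes.fromhex("2b06010505073002")  # id-ad-caIssuers 1.3.6.1.5.5.7.48.2

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER element overruns buffer")
    return tag, buf[pos:end], end

def ocsp_uris(aia_value):
    """Extract OCSP responder URIs from a DER AuthorityInfoAccessSyntax value."""
    tag, seq, end = read_tlv(aia_value, 0)
    if tag != 0x30 or end != len(aia_value):
        raise ValueError("AIA value is not a single SEQUENCE")
    uris, pos = [], 0
    while pos < len(seq):
        tag, desc, pos = read_tlv(seq, pos)
        if tag != 0x30:
            raise ValueError("AccessDescription is not a SEQUENCE")
        mtag, method, nxt = read_tlv(desc, 0)
        ltag, location, _ = read_tlv(desc, nxt)
        # 0x06 = OBJECT IDENTIFIER, 0x86 = GeneralName [6] (URI)
        if mtag == 0x06 and method == OID_OCSP and ltag == 0x86:
            uris.append(location.decode("ascii"))
    return uris

def der(tag, body):
    """Encode one DER element (short-form length, enough for the sample data)."""
    return bytes([tag, len(body)]) + body

def access_description(oid, uri):
    return der(0x30, der(0x06, oid) + der(0x86, uri))

# Constructed extension values: one with an OCSP URI, one with caIssuers only.
CA = access_description(OID_CA_ISSUERS, b"http://ca.example.test/ca.crt")
WITH_OCSP = der(0x30, access_description(OID_OCSP, b"http://ocsp.example.test") + CA)
CA_ISSUERS_ONLY = der(0x30, CA)
```

An empty result for a certificate's AIA value means the condition the reply gives for FF3's default OCSP check is not met, even though the extension itself is present.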