Frank Hecker wrote, On 2008-10-17 06:57: > Please refresh my memory here: As I understand it, the basic problem was > that if the Microsec root were included in Firefox (or other products) > and a user surfed to an SSL/TLS-enabled site with an end entity > certificate issued by Microsec (a cert with the AIA extension with the > OCSP URL), then this would cause an error in Firefox 3, because Firefox > 3 does OCSP checking by default and it would get what it considered to > be a bad OCSP response. Do I have this right?
Yes. Bad response, ugly errors, no fun. > One final question: Does anyone know what Thunderbird 3 will be doing in > terms of OCSP checks? Will this problem affect end entity certificates > issued by Microsec for S/MIME use? I would expect it to be identical to FF3. They use the same PSM and NSS. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
