On 6/1/09 04:01, Eddy Nigg wrote:
On 01/06/2009 04:51 AM, Julien R Pierre - Sun Microsystems:
It seems to me also that a self-signed certificate marked as a trust
anchor, ie. a root, probably shouldn't have an AIA extension. At least
it wouldn't make much sense for it to point to any OCSP responder, since
the root cannot revoke itself - there is no one above the root to revoke
it.
Haven't we discussed this just recently? I think Paul was part of the
discussion, no?
Yes, about 3 months back, I made a comment in the wiki to the extent
that the OCSP indicators should not be in the roots, only in EE.
https://wiki.mozilla.org/CA:Recommendations_for_Roots
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
