On 01/09/2009 03:41 AM, Julien R Pierre - Sun Microsystems:
FYI, if a certificate is expired, NSS won't even bother performing a revocation check on it, either CRL or OCSP.
Are you sure?
Ie. the expiration of the cert is more critical information than its revocation status
I think that's wrong as I explained in the previous mail.
Yet the PSM UI lets you click to override the expiration of a cert, but not for revocation. I don't think it makes much sense to override either case.
Well...I think expiration has some use for control panels and such stuff, without it one would have a hard time updating the cert in case it was forgotten. The same is true for overriding an eventual exception for initial cases (on a temporary basis). It happens to me every time I install a new server.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
