Johnathan Nightingale wrote:
> To give you a
> somewhat recent example, we were strong proponents of mandatory OCSP
> support by 2010 because we think it's better for the health of the net
> to have high-availability revocation information available for
> high-assurance certs, despite the arguments from some quarters that it
> would be too costly to support on high-traffic sites.

Can OCSP still be disabled? Personally I have strong privacy concerns
since when checking for a server cert via OCSP the OCSP responder knows
which server you try to access (because the FQDN is in the server cert's
subject DN).

Ciao, Michael.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
