Johnathan Nightingale wrote:
> On 9-Jan-09, at 9:38 AM, Michael Ströder wrote:
>> Can OCSP still be disabled? Personally I have strong privacy concerns
>> since when checking for a server cert via OCSP the OCSP responder knows
>> which server you try to access (because the FQDN is in the server cert's
>> subject DN).
>
> You can disable it, although EV certs will stop being treated as EV in
> that case (since bug 405139).

Sigh...

> You may also be interested in the work on OCSP-stapling, so that no
> third party learns about your browsing, but you still get a CA-signed
> OCSP response. The CAs are interested in this too, since it takes the
> load off of them for high-traffic sites.

Well, it will take some time until this is reality. And it means that you have to set up an OCSP responder. This is unlikely for many end users.

Ciao, Michael.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto