Kyle Hamilton wrote: > EV requires OCSP. No, not true. From the EV Guidelines, section 26(a):
> CAs MUST support an OCSP capability for Subscriber Certificates that > are issued after Dec 31, 2010. Mozilla currently includes EV enabled roots of CAs which do not yet provide OCSP respondes for their server certs. > I believe that Mozilla requires OCSP to be > functional else it won't pass the internal EV checks to show the > green bar (please correct me if I'm wrong). It's supposed to do so, but current Firefox versions will happily show the EV indicator if an EV end-entity cert doesn't include an OCSP responder URI (see https://bugzilla.mozilla.org/show_bug.cgi?id=413997 and https://bugzilla.mozilla.org/show_bug.cgi?id=474606, and try https://addons.mozilla.org). Kaspar -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
