On 02/03/2009 08:05 AM, Kaspar Brand:
Mozilla currently includes EV enabled roots of CAs which do not yet provide OCSP respondes for their server certs.
Correct and this is a problem for both the CA and Mozilla...
It's supposed to do so, but current Firefox versions will happily show the EV indicator if an EV end-entity cert doesn't include an OCSP responder URI (see https://bugzilla.mozilla.org/show_bug.cgi?id=413997 and https://bugzilla.mozilla.org/show_bug.cgi?id=474606, and try https://addons.mozilla.org).
....just imagine, the CA has to revoke an EV certificate and Mozilla continues to happily show the green address bar. This isn't just a problem for the relying party, this can be a big one for Mozilla (and the CA).
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
