On 02/24/2009 01:54 PM, Frank Hecker:
If the DistributionPointName contains multiple values, each name describes a different mechanism to obtain *the same CRL*.
...or use the same mechanism in order to balance and/or have a backup CRLDP.
It would be the responsibility of Hongkong Post to change its own practices if it wished to have its certificates continue to be recognized in Firefox, etc.
I don't understand the importance this issue has suddenly raised as neither CRLs are really supported by Firefox (and never were) nor is it impossible to fix it at the CA side. Once their certs don't work anymore they might be very quick to introduce a solution to the problem.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
