Dear readers, Previously i drop a mail about three question, and I got answer ont he OCSP multiple request quiestion. Other were not answered, so I cutted one part of it out, and posted it again.
I would like to know, how the Firefox (NSS) handle this case: Multiple caIssuers and OCSP in AIA field, multiple CDP: ------------------------ The RFC 5280 doesn't exclude to have multiple OCSP and caIssuers field in the AIA. It is good for redundancy, for example to have two OCSP responder, when one of them is down,the other is accessible? Does the Firefox handle it? This same also implies for CDP. I have tried the followings: 1) it is possible with openssl only one AIA field inclusion. 2) the RFC 5280 Page 51 block 4 says, that caIssuers may have multiple instances, for different sources or different methods 3) A block later isn't any sentence, like this, so the case of multiple id-ad-ocsp is not clearly defined. Because the OCSP is a critical part for example to check a website SSLs validity, it is a good point to have multiple OCSP responders, and when one of them is broken, software can access another as backup, automaticaly, because of the multiple OCSP instance. Can anybody give me some details of the id-ad-OCSP handle of the Firefox? best regards. Viktor Varga _______________________________________________________________________ Ezt az e-mailt virus- es SPAM-szuresnek vetettuk ala a filter:mail MessageLabs rendszerrel. Tovabbi informacio: http://www.filtermax.hu This email has been scanned for viruses and SPAM by the filter:mail MessageLabs System. More information: http://www.filtermax.hu ________________________________________________________________________________________ -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
