I agree completely. The RFC does not exclude it. It's not a bad idea. > Does the Firefox handle it?
Alas, no. I believe it always uses the first one it finds in the cert, and only that. Will be then the multiple OCSP inclusion? (This time ok, the software can only check the first, but later the others too.) The CAIssuer implementation is the same? Getting only the first? Is the inclusion of more than one problematic? > This same also implies for CDP. (I thought on the RFC, which is allows, that you have multiple access points for CRL.) CDP is different, in numerous ways and for numerous reasons. Today, Firefox does not do fetching of certs based on CDP, but that is being implemented now, and I expect it will try potentially all DPs until it gets an acceptable answer or exhausts the list of DPs. It is cool. Then if multiple CDP is included, one of them will get by the Firefox. _______________________________________________________________________ Ezt az e-mailt virus- es SPAM-szuresnek vetettuk ala a filter:mail MessageLabs rendszerrel. Tovabbi informacio: http://www.filtermax.hu This email has been scanned for viruses and SPAM by the filter:mail MessageLabs System. More information: http://www.filtermax.hu ________________________________________________________________________________________ -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
