On 10/13/2009 03:54 PM, Gervase Markham:
Firefox uses OCSP but, by default, any response other than a definite "is revoked" response is treated as "is not revoked". There is a user pref that allows the user to change that, so that any response other than "is not revoked" is treated as "is revoked".

IMO, we need to be smarter about that.
Here's a straw man:

OK:
200 response with OK
No response (network problems)

That places /not found/ and /no DNS/ etc. into the same category. That's what's happening today with a certain CA.

What about those certificates which don't have any OCSP URI in the certificate? Should they be treated as....?

--
Regards

Signer:  Eddy Nigg, StartCom Ltd.
XMPP:    start...@startcom.org
Blog:    http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
