On 10/15/2009 04:38 PM, Anders Rundgren:
But I don't *insist* that OCSP validation is a bad thing I just think that using plain-vanilla HTTP or rolling your own cer seem to be an easier way than faking an identity for a CA.
Agreed, but this is obviously an entire different issue. -- Regards Signer: Eddy Nigg, StartCom Ltd. XMPP: start...@startcom.org Blog: http://blog.startcom.org/ Twitter: http://twitter.com/eddy_nigg -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
