RE: Questions about Potentially Problematic Practices

2009-03-19 Thread Varga Viktor
On Behalf Of Varga Viktor Sent: Thursday, March 19, 2009 8:15 PM To: mozilla's crypto code discussion list Subject: RE: Questions about Potentially Problematic Practices > Will be then the multiple OCSP inclusion? (This time ok, the soft

RE: Questions about Potentially Problematic Practices

2009-03-19 Thread Varga Viktor
> Will be then the multiple OCSP inclusion? (This time ok, the software can > only check the first, but later the others too.) Yes, including multiples of these things won't hurt. Firefox won't crash or refuse to connect because multiple URIs for these things exist. It will just ignore som

Re: Questions about Potentially Problematic Practices

2009-03-18 Thread Nelson B Bolyard
Varga Viktor wrote, On 2009-03-18 06:07: > Will be then the multiple OCSP inclusion? (This time ok, the software can > only check the first, but later the others too.) Yes, including multiples of these things won't hurt. Firefox won't crash or refuse to connect because multiple URIs for these th

RE: Questions about Potentially Problematic Practices

2009-03-18 Thread Varga Viktor
I agree completely. The RFC does not exclude it. It's not a bad idea. > Does the Firefox handle it? Alas, no. I believe it always uses the first one it finds in the cert, and only that. Will be then the multiple OCSP inclusion? (This time ok, the software can only check the first, but later

Re: Questions about Potentially Problematic Practices

2009-03-18 Thread Eddy Nigg
On 03/18/2009 12:57 PM, Nelson B Bolyard: CDP is different, in numerous ways and for numerous reasons. Today, Firefox does not do fetching of certs based on CDP, but that is being implemented now, and I expect it will try potentially all DPs until it gets an acceptable answer or exhausts the list

Re: Questions about Potentially Problematic Practices

2009-03-18 Thread Nelson B Bolyard
Varga Viktor wrote, On 2009-03-09 06:12: > Multiple caIssuers and OCSP in AIA field, multiple CDP: > > The RFC 5280 doesn’t exclude to have multiple OCSP and caIssuers field > in the AIA. It is good for redundancy, for example to have two OCSP > responder, when one of th

Multiple CAIssuer and OCSP in AIA field (previously: Questions about Potentially Problematic Practices)

2009-03-17 Thread Varga Viktor
Dear readers, Previously I dropped a mail about three questions, and I got an answer on the OCSP multiple request question. The others were not answered, so I cut one part of it out, and posted it again. I would like to know how Firefox (NSS) handles this case: Multiple caIssuers and OCSP in AIA f

RE: SV: Questions about Potentially Problematic Practices

2009-03-11 Thread Varga Viktor
On Behalf Of Nelson Bolyard Sent: Wednesday, March 11, 2009 10:31 AM To: dev-tech-crypto@lists.mozilla.org Subject: Re: SV: Questions about Potentially Problematic Practices Jean-Marc Desperrier wrote, On 2009-03-10 04:55: > Peter Lind Damkjær wr

Re: SV: Questions about Potentially Problematic Practices

2009-03-11 Thread Nelson Bolyard
Jean-Marc Desperrier wrote, On 2009-03-10 04:55: > Peter Lind Damkjær wrote: >> Varga Viktor wrote: >>> >>> OCSP request with multiple certificate from different CA >>> -- >>> >>> The RFC has the possibility to send multiple certificate serial number into >>> OCSP request. It is not de

RE: SV: Questions about Potentially Problematic Practices

2009-03-10 Thread Varga Viktor
On Behalf Of Jean-Marc Desperrier Sent: Tuesday, March 10, 2009 12:55 PM To: dev-tech-crypto@lists.mozilla.org Subject: Re: SV: Questions about Potentially Problematic Practices Peter Lind Damkjær wrote: > Varga Vik

Re: SV: Questions about Potentially Problematic Practices

2009-03-10 Thread Jean-Marc Desperrier
Peter Lind Damkjær wrote: Varga Viktor wrote: > OCSP request with multiple certificate from different CA -- The RFC has the possibility to send multiple certificate serial number into OCSP request. It is not defined that allowed or not, to put two certificate > serial number, fr

SV: Questions about Potentially Problematic Practices

2009-03-10 Thread Peter Lind Damkjær
Varga Viktor wrote: OCSP request with multiple certificate from different CA -- The RFC has the possibility to send multiple certificate serial number into OCSP request. It is not defined that allowed or not, to put two certificate serial number, from different CA. Request

Questions about Potentially Problematic Practices

2009-03-09 Thread Varga Viktor
I put the following questions on my bug at: https://bugzilla.mozilla.org/show_bug.cgi?id=480966 It was mentioned there to post here. The first two are mainly technical, the last is affected by the CA policy. Multiple caIssuers and OCSP in AIA field, multiple CDP: The RFC 5

Re: Problematic Practices

2008-06-13 Thread David E. Ross
On 6/12/2008 4:46 PM, Wan-Teh Chang wrote [in part]: > If a company or school needs to issue a lot of certs to its internal > servers, what is the recommended practice? I always thought the > organization should operate an intermediate CA subordinate to a > root CA. Isn't that the hierarchical m

Re: Problematic Practices

2008-06-12 Thread Frank Hecker
Wan-Teh Chang wrote: > That page lists "Allowing external entities to operate subordinate CAs" > as a problematic practice. I think that a better title for that page would be "potentially problematic practices". This is not really a binary "good" vs. "bad

Re: Problematic Practices

2008-06-12 Thread Eddy Nigg (StartCom Ltd.)
Wan-Teh Chang: That page lists "Allowing external entities to operate subordinate CAs" as a problematic practice. If a company or school needs to issue a lot of certs to its internal servers, what is the recommended practice? I always thought the organization should operate an intermediate CA s

Re: Problematic Practices

2008-06-12 Thread Wan-Teh Chang
2008/6/12 Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]>: > I found that Frank created http://wiki.mozilla.org/CA:Problematic_Practices > and Kathleen has started to ask questions also relating to those practices > during her information gathering and reviews. That page lists "Allowing external en

Problematic Practices

2008-06-12 Thread Eddy Nigg (StartCom Ltd.)
I found that Frank created http://wiki.mozilla.org/CA:Problematic_Practices and Kathleen has started to ask questions also relating to those practices during her information gathering and reviews. I think this to be a very positive development and apparently Kathleen has started to do a good a