-bounces+varga_v=netlock...@lists.mozilla.org] On Behalf
Of Varga Viktor
Sent: Thursday, March 19, 2009 8:15 PM
To: mozilla's crypto code discussion list
Subject: RE: Questions about Potentially Problematic Practices
> Will be then the multiple OCSP inclusion? (This time ok, the soft
> Will be then the multiple OCSP inclusion? (This time ok, the software can
> only check the first, but later the others too.)
Yes, including multiples of these things won't hurt. Firefox won't
crash or refuse to connect because multiple URIs for these things exist.
It will just ignore som
Varga Viktor wrote, On 2009-03-18 06:07:
> Will be then the multiple OCSP inclusion? (This time ok, the software can
> only check the first, but later the others too.)
Yes, including multiples of these things won't hurt. Firefox won't
crash or refuse to connect because multiple URIs for these th
I agree completely. The RFC does not exclude it. It's not a bad idea.
> Does the Firefox handle it?
Alas, no. I believe it always uses the first one it finds in the cert,
and only that.
Will be then the multiple OCSP inclusion?
(This time ok, the software can only check the first, but later
On 03/18/2009 12:57 PM, Nelson B Bolyard:
CDP is different, in numerous ways and for numerous reasons.
Today, Firefox does not do fetching of certs based on CDP, but that is
being implemented now, and I expect it will try potentially all DPs
until it gets an acceptable answer or exhausts the list
Varga Viktor wrote, On 2009-03-09 06:12:
> Multiple caIssuers and OCSP in AIA field, multiple CDP:
>
> The RFC 5280 doesn’t exclude to have multiple OCSP and caIssuers field
> in the AIA. It is good for redundancy, for example to have two OCSP
> responder, when one of th
Dear readers,
Previously i drop a mail about three question, and I got answer ont he OCSP
multiple request quiestion.
Other were not answered, so I cutted one part of it out, and posted it again.
I would like to know, how the Firefox (NSS) handle this case:
Multiple caIssuers and OCSP in AIA f
-bounces+varga_v=netlock...@lists.mozilla.org] On Behalf
Of Nelson Bolyard
Sent: Wednesday, March 11, 2009 10:31 AM
To: dev-tech-crypto@lists.mozilla.org
Subject: Re: SV: Questions about Potentially Problematic Practices
Jean-Marc Desperrier wrote, On 2009-03-10 04:55:
> Peter Lind Damkjær wr
Jean-Marc Desperrier wrote, On 2009-03-10 04:55:
> Peter Lind Damkjær wrote:
>> Varga Viktor wrote:
>>>
>>> OCSP request with multiple certificate from different CA
>>> --
>>>
>>> The RFC has the possibility to send multiple certificate serial number into
>>> OCSP request. It is not de
...@lists.mozilla.org
[mailto:dev-tech-crypto-bounces+varga_v=netlock...@lists.mozilla.org] On Behalf
Of Jean-Marc Desperrier
Sent: Tuesday, March 10, 2009 12:55 PM
To: dev-tech-crypto@lists.mozilla.org
Subject: Re: SV: Questions about Potentially Problematic Practices
Peter Lind Damkjær wrote:
> Varga Vik
Peter Lind Damkjær wrote:
Varga Viktor wrote:
> OCSP request with multiple certificate from different CA
--
The RFC has the possibility to send multiple certificate serial number into
OCSP request. It is not defined that allowed or not, to put two certificate
> serial number, fr
Varga Viktor wrote:
OCSP request with multiple certificate from different CA
--
The RFC has the possibility to send multiple certificate serial number into
OCSP request. It is not defined that allowed or not, to put two certificate
serial number, from different CA.
Request
I put the following questions on my bug at:
https://bugzilla.mozilla.org/show_bug.cgi?id=480966
There was mentioned to post here.
The first two is mainly technical, the last is affected by the CA policy.
Multiple caIssuers and OCSP in AIA field, multiple CDP:
The RFC 5
13 matches
Mail list logo
