GaryK wrote:
> .NET CLR 2.0.50727; .NET CLR 1.1.4322),gzip(gfe),gzip(gfe)
> Injection-Info: m73g2000cwd.googlegroups.com; posting-host=65.205.251.51;
> posting-account=bqHXlg0AAABIeE5JRZLSrHSri2ZbRXKH
What's all that stuff?
> I am a technical director at VeriSign and was asked a question th
day, August 08, 2006 8:59 AM
> To: Krall, Gary
> Cc: dev-tech-crypto@lists.mozilla.org
> Subject: Re: OCSP/CRL handling in Firefox
>
>
> Gary Krall wrote:
>
> > I'm curious to know what FF does in this regard. Does it
> fall-back to
> > CRLs when it
Nelson B Bolyard wrote:
> On a related topic, perhaps you can speak to whether Verisign still considers
> Alex Deacon's bug report https://bugzilla.mozilla.org/show_bug.cgi?id=234129
> to be an issue?
I spoke with Alex this morning and yes he feels that this is still a bug and
should be fixed.
Nelson B Bolyard wrote:
Presently, A user must initiate the first fetch of a CRL from the CA.
To clarify, AFAIK all that is required is for a user to click on a link
to the CRL, *if* the CRL data is returned with a MIME type of
"application/pkix-crl". Firefox then imports the CRL and prompts
Nelson B Bolyard wrote:
Presently, A user must initiate the first fetch of a CRL from the CA.
CRLs are fetched asynchronously from cert chain validation.
CRLs are stored on disk locally, IIRC. After fetching the first one,
mozilla clients will fetch subsequent CRLs automatically on a periodic
ba
Gary Krall wrote:
> I'm curious to know what FF does in this regard. Does it fall-back to
> CRLs when it cannot connect to our OCSP server? If not are there any
> plans to implement something like this in the future?
Handling of OCSP and CRLs is rather separate.
Presently, A user must initi
6 matches
Mail list logo
