RE: Questions about Potentially Problematic Practices

2009-03-19 Thread Varga Viktor
-bounces+varga_v=netlock...@lists.mozilla.org] On Behalf Of Varga Viktor Sent: Thursday, March 19, 2009 8:15 PM To: mozilla's crypto code discussion list Subject: RE: Questions about Potentially Problematic Practices > Will be then the multiple OCSP inclusion? (This time ok, the soft

RE: Questions about Potentially Problematic Practices

2009-03-19 Thread Varga Viktor
> Will be then the multiple OCSP inclusion? (This time ok, the software can > only check the first, but later the others too.) Yes, including multiples of these things won't hurt. Firefox won't crash or refuse to connect because multiple URIs for these things exist. It will just ignore som

Re: Questions about Potentially Problematic Practices

2009-03-18 Thread Nelson B Bolyard
Varga Viktor wrote, On 2009-03-18 06:07:
> Will be then the multiple OCSP inclusion? (This time ok, the software can only check the first, but later the others too.)

Yes, including multiples of these things won't hurt. Firefox won't crash or refuse to connect because multiple URIs for these th

RE: Questions about Potentially Problematic Practices

2009-03-18 Thread Varga Viktor
I agree completely. The RFC does not exclude it. It's not a bad idea. > Does the Firefox handle it? Alas, no. I believe it always uses the first one it finds in the cert, and only that. Will be then the multiple OCSP inclusion? (This time ok, the software can only check the first, but later

Re: Questions about Potentially Problematic Practices

2009-03-18 Thread Eddy Nigg
On 03/18/2009 12:57 PM, Nelson B Bolyard: CDP is different, in numerous ways and for numerous reasons. Today, Firefox does not do fetching of certs based on CDP, but that is being implemented now, and I expect it will try potentially all DPs until it gets an acceptable answer or exhausts the list

Re: Questions about Potentially Problematic Practices

2009-03-18 Thread Nelson B Bolyard
Varga Viktor wrote, On 2009-03-09 06:12:
> Multiple caIssuers and OCSP in AIA field, multiple CDP:
>
> The RFC 5280 doesn’t exclude to have multiple OCSP and caIssuers field in the AIA. It is good for redundancy, for example to have two OCSP responder, when one of th