Re: [gentoo-dev] OCSP was: friendly reminder wrt net virtual in init scripts

2013-11-06 Thread Gordon Pettey
On Wed, Nov 6, 2013 at 7:36 PM, Alex Xu wrote: > On 06/11/13 08:00 PM, Michael Orlitzky wrote: >> On 11/06/2013 02:11 PM, Thomas D. wrote: >> >>> This is going OT but I cannot leave this statement uncommented, >>> because from my knowledge this is wrong/you are hiding important >>> information eve

Re: [gentoo-dev] OCSP was: friendly reminder wrt net virtual in init scripts

2013-11-06 Thread Alex Xu
On 06/11/13 08:00 PM, Michael Orlitzky wrote: > On 11/06/2013 02:11 PM, Thomas D. wrote: > >> This is going OT but I cannot leave this statement uncommented, >> because from my knowledge this is wrong/you are hiding important >> information everyone should know about: > > I figure everyone here i

Re: [gentoo-dev] OCSP Was: friendly reminder wrt net virtual in init scripts

2013-11-06 Thread Thomas D.
Hi, Duncan wrote: > Meanwhile, another question for Thomas. Is this "certificate stapling" > the same thing google chrome is now doing for the google site, that > enabled it to detect the (I think it was) Iranian and/or Chinese CA > tampering, allowing them to say a "google" cert was valid tha

[gentoo-dev] OCSP Was: friendly reminder wrt net virtual in init scripts

2013-11-06 Thread Duncan
mingdao posted on Wed, 06 Nov 2013 14:13:34 -0600 as excerpted: > Thanks for the detailed explanation, Thomas. > > Now, if any one of us turned off OCSP as Michael suggested, what should > one do after turning it back on? Could there now be certificates trusted > there which should not be? AFAIK