[cabfpub] Pre-Ballot - Short-Life Certificates
Gervase Markham
gerv at mozilla.org
Thu Oct 30 06:29:09 MST 2014
On 29/10/14 22:12, Eddy Nigg wrote:
> Considering that CAs were required to modify the OCSP responders to
> include Good, Revoked and *Unknown* upon request of the browsers mostly
> (I believe Google was a strong supporter of that), it's rather confusing
> to know that browsers entirely ignore it if the certificates have no
> OCSP (and CRL) pointers, not speaking about checking this information
> when available.
How do you envisage a browser would know which server to ask about the
Certificate Status of a particular certificate, if the certificate did
not contain a server pointer?
Gerv
More information about the Public
mailing list