[cabfpub] Pre-Ballot - Short-Life Certificates

Gervase Markham gerv at mozilla.org
Thu Oct 30 13:29:09 UTC 2014


On 29/10/14 22:12, Eddy Nigg wrote:
> Considering that CAs were required to modify the OCSP responders to
> include Good, Revoked and *Unknown* upon request of the browsers mostly
> (I believe Google was a strong supporter of that), it's rather confusing
> to know that browsers entirely ignore it if the certificates have no
> OCSP (and CRL) pointers, not speaking about checking this information
> when available.

How do you envisage a browser would know which server to ask about the
Certificate Status of a particular certificate, if the certificate did
not contain a server pointer?

Gerv




More information about the Public mailing list