* Devdatta Akhawe: > I was surprised to note that DigiNotar had a log of all IPs who had > requested an OCSP lookup for the bad certs. This seems like a very bad > idea on the OCSP server's part.
Verisign/Symantec keep logs as well, they even issue a yearly press release about them, usually in April: <http://www.symantec.com/connect/blogs/more-two-billion-ocsp-lookups-single-day> (The links to the actual release appear to be down right now.) _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
