Rob Stradling:
"the OCSP URI in the CA root IS a problem"
Nelson, does NSS ever attempt to check the revocation status of a built-in
Root Certificate if that Root Certificate contains CRLDP(s) and/or OCSP
URI(s) ?
Adding to Nelson's comment....CRL is checked at any level if provided
(requires manually providing the CRLDP). EV requires CRL and/or OCSP
checking at the intermediate CA level, hence I expect it to check those
at least. With the root there is always the egg-and-chicken game as you
most likely know...
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Blog: https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto