On 2/25/2009 2:04 PM, Kyle Hamilton wrote:
> Postel's first rule of interoperability: be liberal in what you
> accept, be conservative in what you send.
>
> Which RFC requires which? (I had read somewhere, for example, that
> wildcard certificates must be handled by HTTP over TLS servers in a
> particular way -- it turns out that it wasn't part of PKIX, as I had
> thought, but rather an Informational RFC regarding "HTTP over TLS".)
>
> -Kyle H
>
> On Wed, Feb 25, 2009 at 1:57 PM, Nelson B Bolyard <nel...@bolyard.me> wrote:
>> Kyle Hamilton wrote, On 2009-02-25 13:56:
>>> This is going to sound rather stupid of me, but I'm going to ask this
>>> anyway:
>>> Why is Firefox insisting on a specific encoding of the data, rather
>>> than being flexible to alternate, unconfusable, common encodings?
>> The RFCs require conforming CAs to send binary DER CRLs.

In the case of secure browsing at authenticated Web sites, I want to be
conservative in what I accept. If a CA is generating certificates that
do not comply with accepted RFCs, what else is that CA doing wrong? In
other words, if a CA sends CRLs that are not binary DER, that should be
a red flag that the CA might not be trustworthy in other respects.

-- 
David E. Ross
<http://www.rossde.com/>
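
The strict policy discussed in this thread (accept a CRL only if it is binary DER), sketched as an added example that is not part of the original messages and not Firefox or NSS code. It checks only the outer encoding (one definite-length SEQUENCE with no trailing bytes) and recognises the PEM armor so a rejected CRL can be reported as "PEM, not DER"; the function names and sample bytes are assumptions constructed for illustration.

```python
import base64

PEM_BEGIN = b"-----BEGIN X509 CRL-----"
PEM_END = b"-----END X509 CRL-----"

def der_outer_ok(data: bytes) -> bool:
    """True if data is exactly one definite-length DER SEQUENCE (outer TLV only)."""
    if len(data) < 2 or data[0] != 0x30:       # CertificateList is a SEQUENCE
        return False
    first = data[1]
    if first < 0x80:                           # short-form length
        length, header = first, 2
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:   # n == 0 is BER indefinite length
            return False
        length = int.from_bytes(data[2:2 + n], "big")
        # DER requires the minimal length encoding
        if data[2] == 0 or (n == 1 and length < 0x80):
            return False
        header = 2 + n
    return header + length == len(data)        # reject truncation and trailing bytes

def classify_crl(data: bytes) -> str:
    """Return 'der', 'pem', or 'unknown' for a fetched CRL body."""
    if der_outer_ok(data):
        return "der"
    text = data.strip()
    if text.startswith(PEM_BEGIN) and text.endswith(PEM_END):
        body = text[len(PEM_BEGIN):-len(PEM_END)]
        try:
            inner = base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:
            return "unknown"
        return "pem" if der_outer_ok(inner) else "unknown"
    return "unknown"

def accept_crl(data: bytes) -> bool:
    """Strict policy from the thread: only binary DER is accepted."""
    return classify_crl(data) == "der"

# Constructed sample: a SEQUENCE holding one INTEGER, not a real CRL.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = PEM_BEGIN + b"\n" + base64.b64encode(SAMPLE_DER) + b"\n" + PEM_END + b"\n"
```

A CRL that passes this check still has to be fully parsed and its signature verified; the check only distinguishes the encodings the thread is arguing about.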