There's been some discussion of revocation services deep in other threads.
I think understanding these is important, and I suspect my knowledge is too limited; does anyone have a link to a primer?
What proportion of CAs run a revocation service?
What proportion of them use OCSP?
Can someone summarise the issues with turning on OCSP in Firefox by default?
Does Firefox support CRLs? Can it get them automatically? Why doesn't it? Are they too big?
If CRLs are a pain to fetch, could we have a scheme where being suspicious of an SSL site (according to some sort of phishing detector) triggered a CRL download?
Gerv _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
