I'm guessing here you are referring to servers set up to accept client side certificates?
Yes, that's the primary use case AFAIK.
Wouldn't such servers be generally set up under fairly close system administration control? And thus take themselves out of the scope of "default" policies such as envisaged by the default root list distros.
Yes. This is independent of Mozilla policy.
I don't know much in this area - I've not seen too much in way of servers that do client certs nor deal with CRLs, etc. Do Mozilla actually deliver a server?
No. But it's relevant to Julien, Nelson, etc., because they work for companies that do deliver server software. (As Nelson points out, they're *not* being paid to work on Mozilla-related issues, which is why we all owe them many thanks for the Mozilla-related work they find time to do. So let me say it once again with feeling, "THANKS GUYS!!" :-)
2. Servers, etc, adminstrators could be expected to be 'savvy' and capable of dealing with CRLs and root lists.
I'd hope so, but then I'd also hope that server administrators learn how to acquire and install valid SSL server certs before they try dealing with client certs :-)
Frank
-- Frank Hecker [EMAIL PROTECTED] _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
