On 06/09/2011 11:48, Devdatta Akhawe wrote:
[...] if I visit
https://www.secure.com in private browsing mode; Firefox makes an OCSP
request. After closing private browsing mode and going back to the
normal mode, if I go to https://www.secure.com then Firefox caches the
OCSP responses and doesn't
On Mon, Sep 5, 2011 at 7:35 PM, Walter do Valle w...@jfsc.jus.br wrote:
Hi all
I'm looking for a way to programmatically find the current Firefox profile
folder. I'm developing a digital signing solution entirely in web. In other
words, I'm developing a signed Java applet that reads the
On 06/09/11 03:48, Devdatta Akhawe wrote:
I was surprised to note that DigiNotar had a log of all IPs who had
requested an OCSP lookup for the bad certs. This seems like a very bad
idea on the OCSP server's part.
Well, the list of IPs has been passed to Google, who are now able to
warn people
Well, the list of IPs has been passed to Google, who are now able to
warn people accessing Google from those IPs that there is a problem. So
there are both good and bad sides to it.
Sure. But I think users would be very surprised to find that every
time they visit an SSL site, some server
Related but not exactly on point:
==
The rogue certificate found by Google was issued by the DigiNotar Public
CA 2025. The serial number of the certificate was, however, not found in
the CA system's records. This leads to the conclusion that it is unknown
how many certificates were
Hmm. That hints that the logging wasn't turned on by default, but I
would prefer a confirmation from the CAs and a definitive policy from
Mozilla.
Or considering the momentum on the Do-Not-Track proposal, have a CA
policy that says Do not log if the OCSP request has a DNT:1 ?
thanks
devdatta