On 12/16/14 11:28 AM, Kathleen Wilson wrote:
On 10/30/14 11:16 AM, Kathleen Wilson wrote:
IdenTrust has applied to include the “IdenTrust Commercial Root CA 1”
and “IdenTrust Public Sector Root CA 1” root certificates, and turn on
the Websites and Email trust bits for both. The “IdenTrust
Comment 3:
The OCSP responders both include too many certificates, this has a
performance impact for your users; no need to include intermediate and root
certificates in the response. Not a blocker.
[IdenTrust] You are correct that there is some performance impact.
However, this approach
On 11/20/14 3:19 PM, kirk_h...@trendmicro.com wrote:
Kathleen, out of curiosity -- what's the difference between a Root Renewal
Request and a simple request to add a new root to the Mozilla root store? Are they
essentially the same process, or is a root renewal request treated differently?
Bonsoir,
Le mercredi 19 novembre 2014 01:03:29 UTC+1, Renne Rodriguez a écrit :
[...]
Comment 3:
The OCSP responders both include too many certificates, this has a
performance impact for your users; no need to include intermediate and root
certificates in the response. Not a blocker.
Le jeudi 20 novembre 2014 21:23:41 UTC+1, Brian Smith a écrit :
Renne Rodriguez r...r...@ide...st.com wrote:
Comment 3:
The OCSP responders both include too many certificates, this has a
performance impact for your users; no need to include intermediate and root
certificates in the
Comment 3:
The OCSP responders both include too many certificates, this has a
performance impact for your users; no need to include intermediate and root
certificates in the response. Not a blocker.
[IdenTrust] You are correct that there is some performance impact.
However, this approach
Kathleen, out of curiosity -- what's the difference between a Root Renewal
Request and a simple request to add a new root to the Mozilla root store? Are
they essentially the same process, or is a root renewal request treated
differently?
On Thursday, October 30, 2014 11:17:41 AM UTC-7,
Erwann,
Thank you for your input, it was insightful. See our responses below.
Comment 1:
Intermediate certificates include EKU OIDs for IPSec {Tunnel, User, End
System}, which is weird; why would anyone want a *public* certificate to
authentify against a virtual *private* network? That's not
Le jeudi 30 octobre 2014 19:17:41 UTC+1, Kathleen Wilson a écrit :
IdenTrust has applied to include the IdenTrust Commercial Root CA 1
and IdenTrust Public Sector Root CA 1 root certificates, and turn on
the Websites and Email trust bits for both. The IdenTrust Commercial
Root CA 1 root
Am 07.11.2014 um 14:35 schrieb Erwann Abalea:
Intermediate certificates include EKU OIDs for IPSec {Tunnel, User, End
System},
which is weird; why would anyone want a *public* certificate to authentify
against a virtual *private* network?
If an organisation is already using a proper PKI, why
IdenTrust has applied to include the “IdenTrust Commercial Root CA 1”
and “IdenTrust Public Sector Root CA 1” root certificates, and turn on
the Websites and Email trust bits for both. The “IdenTrust Commercial
Root CA 1” root will eventually replace the “DST Root X3” certificate,
and the
11 matches
Mail list logo
