CA:RevocationPlan: Difference between revisions

Jump to navigation Jump to search

CA:RevocationPlan (view source)

Revision as of 21:32, 3 November 2014

282 bytes added ,  3 November 2014
→‎Long-range Vision
m (Tidying up; hope this is useful :-))
Line 51: Line 51:


Enabling hard-fail on live OCSP by default may not be achievable, and is a long-term goal in any case.  We will proceed by implementing the fast-path options first, and measuring (1) how much they reduce live OCSP usage and (2) OCSP failure rates.
Enabling hard-fail on live OCSP by default may not be achievable, and is a long-term goal in any case.  We will proceed by implementing the fast-path options first, and measuring (1) how much they reduce live OCSP usage and (2) OCSP failure rates.
The Baseline Requirements forbid publicly-trusted CAs from issuing certificates without revocation pointers. For reasons of compatibility with other PKIs, such as enterprise PKIs, Firefox currently accepts such certificates if they are otherwise valid, and will continue to do so.


== Proposed Changes ==
== Proposed Changes ==
Gerv
Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1030196"

Navigation menu