CA/Comodo Misissuance Response: Difference between revisions

Line 62: Line 62:
* Change it so that an OCSP failure is a hard failure if the site is using [http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security HSTS]


OCSP improvement solutions would need to deal with protocol problems such as the current ability to return "try again later". In addition, Google (as an example of a large site) are [https://mail1.eff.org/pipermail/observatory/2011-March/000115.html on record] as saying that they would oppose this, as they are not willing to tie their site's uptime to their CA's OCSP responder's uptime.
OCSP improvement solutions would need to deal with protocol problems such as the current ability to [http://thoughtcrime.org/papers/ocsp-attack.pdf return "try again later"]: the "tryLater" response status sits outside the signed part of an OCSP response, so anyone on the network path can substitute it for the responder's real answer, and a soft-failing client will proceed as if the certificate were fine. In addition, Google (as an example of a large site) are [https://mail1.eff.org/pipermail/observatory/2011-March/000115.html on record] as saying that they would oppose this, as they are not willing to tie their site's uptime to their CA's OCSP responder's uptime.


They would also need to deal with issues like captive portals on WiFi hotspots where the login page is SSL-protected.
They would also need to deal with issues like captive portals on WiFi hotspots where the login page is SSL-protected (the portal blocks the OCSP fetch until the user has logged in, which a hard-failing client would treat as a revocation-check failure), and scenarios around proxy authentication.
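The unsigned "try again later" problem and the proposed HSTS-only hard fail, as an added worked example; this is not code from the wiki page, from Mozilla or from any browser. It parses only the unsigned outer OCSPResponse envelope from RFC 6960, assumes the caller has separately verified the signature on the inner BasicOCSPResponse and passes the resulting certStatus in, and every byte string it uses is constructed, not captured traffic.

```python
"""Constructed example, added to this page; not code from the wiki page,
Mozilla or any browser. In the OCSPResponse envelope (RFC 6960, section
4.2.1) responseStatus sits outside the signed BasicOCSPResponse, so an
on-path attacker can replace a real answer with an unsigned three-byte
"tryLater" and a soft-failing client continues. All samples are hand-built."""

ID_PKIX_OCSP_BASIC = bytes.fromhex("2b0601050507300101")  # OID 1.3.6.1.5.5.7.48.1.1

STATUS_NAMES = {0: "successful", 1: "malformedRequest", 2: "internalError",
                3: "tryLater", 5: "sigRequired", 6: "unauthorized"}

ACCEPT, REJECT, SOFT_FAIL, HARD_FAIL = "accept", "reject", "soft-fail", "hard-fail"


def der_tlv(tag, value):
    """Encode one DER TLV with a definite length (up to 65535 bytes)."""
    n = len(value)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + value


def read_tlv(buf, pos=0):
    """Decode the DER TLV at buf[pos]; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: next N bytes hold the length
        nbytes = length & 0x7F
        if nbytes == 0 or pos + nbytes > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER")
    return tag, value, pos + length


def build_envelope(status, basic_response_der=None):
    """Build an OCSPResponse. Every error status is just SEQUENCE { ENUMERATED }
    with no signature anywhere; only status 0 wraps a BasicOCSPResponse."""
    body = der_tlv(0x0A, bytes([status]))
    if status == 0:
        response_bytes = der_tlv(0x30, der_tlv(0x06, ID_PKIX_OCSP_BASIC)
                                 + der_tlv(0x04, basic_response_der))
        body += der_tlv(0xA0, response_bytes)   # responseBytes [0] EXPLICIT
    return der_tlv(0x30, body)


def parse_envelope(der):
    """Return (status name, BasicOCSPResponse DER or None) after structural checks."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("OCSPResponse must be a single DER SEQUENCE")
    tag, enum, pos = read_tlv(body)
    if tag != 0x0A or len(enum) != 1 or enum[0] not in STATUS_NAMES:
        raise ValueError("bad responseStatus")
    status = STATUS_NAMES[enum[0]]
    if status != "successful":
        if pos != len(body):
            raise ValueError("an error status must not carry responseBytes")
        return status, None                  # nothing in this response was ever signed
    tag, response_bytes, pos = read_tlv(body, pos)
    if tag != 0xA0 or pos != len(body):
        raise ValueError("successful status needs exactly one responseBytes [0]")
    tag, seq, _ = read_tlv(response_bytes)   # ResponseBytes ::= SEQUENCE { OID, OCTET STRING }
    tag_oid, oid, pos = read_tlv(seq)
    tag_str, basic, _ = read_tlv(seq, pos)
    if tag != 0x30 or tag_oid != 0x06 or oid != ID_PKIX_OCSP_BASIC or tag_str != 0x04:
        raise ValueError("unsupported or malformed ResponseBytes")
    return status, basic


def revocation_decision(der, hsts, inner_cert_status=None):
    """Decide whether the TLS handshake may continue.

    der: the OCSPResponse fetched for the server certificate, or None when the
         fetch failed (responder down, captive portal swallowed the request).
    hsts: True when the host has a known Strict-Transport-Security policy.
    inner_cert_status: 'good' or 'revoked' from the BasicOCSPResponse after its
         signature was verified; that verification is assumed to be done by the
         caller and is not part of this example.
    """
    if der is not None:
        status, _basic = parse_envelope(der)
        if status == "successful":
            if inner_cert_status not in ("good", "revoked"):
                raise ValueError("a successful response needs a verified certStatus")
            return REJECT if inner_cert_status == "revoked" else ACCEPT
    # No signed answer: unreachable responder or an unsigned error status such as
    # tryLater. Browsers today continue (soft fail); the proposal is to abort, but
    # only for HSTS hosts. This also blocks an HSTS-protected captive-portal login
    # page while the portal is still intercepting the OCSP fetch.
    return HARD_FAIL if hsts else SOFT_FAIL


# Constructed samples. FAKE_BASIC stands in for a signed BasicOCSPResponse.
FAKE_BASIC = b"\x30\x00"
GOOD_RESPONSE = build_envelope(0, FAKE_BASIC)
ATTACKER_TRY_LATER = build_envelope(3)      # the five bytes 30 03 0a 01 03
```

Feeding ATTACKER_TRY_LATER to revocation_decision with hsts=False returns "soft-fail" (the connection goes ahead, which is the attack), and with hsts=True returns "hard-fail"; a None response on an HSTS host also hard-fails, which is exactly the captive-portal and responder-outage cost the paragraphs above describe.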


==Future Technologies==