MozillaWiki

CA/Forbidden or Problematic Practices: Difference between revisions

Page Discussion

CA/Forbidden or Problematic Practices (view source)

Revision as of 20:59, 12 March 2010

43 bytes removed ,  12 March 2010
m
→‎OCSP Responses signed by a certificate under a different root
Line 65: Line 65:
=== OCSP Responses signed by a certificate under a different root ===
=== OCSP Responses signed by a certificate under a different root ===


CAs are not required to use OCSP. However, CAs who issue certificates with OCSP URLs in AIA extensions should make sure that the OCSP responses conform to RFC 2560, and work correctly for Mozilla users without requiring the user to find and install the OCSP responder's certificate, that is, the certificate with which the OCSP response signatures are verified.
CAs who issue certificates with OCSP URLs in AIA extensions should make sure that the OCSP responses conform to RFC 2560, and work correctly for Mozilla users without requiring the user to find and install the OCSP responder's certificate, that is, the certificate with which the OCSP response signatures are verified.


At least one CA has issued certificates with OCSP URLs that reference OCSP responders that do not serve queries from the general public, and/or send out responses that are signed with a certificate that is  
At least one CA has issued certificates with OCSP URLs that reference OCSP responders that do not serve queries from the general public, and/or send out responses that are signed with a certificate that is  
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/207996"