W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: HTTP 2.0 and a Faster, more Mobile-friendly web

From: patrick mcmanus <pmcmanus@mozilla.com>
Date: Mon, 30 Jul 2012 08:52:51 -0700
Message-ID: <5016ADD3.4010600@mozilla.com>
To: Yoav Nir <ynir@checkpoint.com>
CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On 7/30/2012 8:46 AM, Yoav Nir wrote:
> Additionally, TLS requires the client to check revocation of the server certificate. Some browsers don't, but that's besides the point. Checking revocation involves fetching either a CRL or an OCSP response, and they are typically fetched over HTTP. If HTTP has to have TLS we have a bootstrap problem, unless checking revocation is relegated back down to HTTP/1.0.
that's not a roadblock.. we can address this largely via ocsp stapling.. 
also ocsp with a ca can be done over tls without cert verification 
because the ocsp response is signed separately.
Received on Monday, 30 July 2012 15:53:27 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:05 UTC