- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Thu, 20 Feb 2014 01:23:15 +1300
- To: ietf-http-wg@w3.org
On 19/02/2014 9:53 p.m., Nicolas Mailhot wrote: > > Le Mar 18 février 2014 10:49, Salvatore Loreto a écrit : >> > >> - if the question is how would be possible for the browser/client to run >> OCSP to check the validity of certificates from the CA if the OCSP is ran >> over TLS > > When OSCP refers to an external validation server accessing it requires > going through the proxy first… > Which circles back to DANE being far better than OSCP for most of these scenarios. So the thing which should be mandated IMHO. As this whole scenario is new there is no reason to stick with the verification methods known to be unworkable. Amos
Received on Wednesday, 19 February 2014 12:23:48 UTC