W3C home > Mailing lists > Public > public-wsc-wg@w3.org > December 2006

Re: Browser security warning

From: Yngve N. Pettersen <yngve@opera.com>
Date: Thu, 28 Dec 2006 01:36:01 +0100
To: "Doyle, Bill" <wdoyle@mitre.org>, "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
Cc: public-wsc-wg@w3.org
Message-ID: <op.tk8umbibkvaitl@lessa-ii.domain>

On Wed, 27 Dec 2006 22:18:10 +0100, Doyle, Bill <wdoyle@mitre.org> wrote:

>
>
> It has been fun and interesting working this thread and thanks for
> helping me see some of the issues. Hope that someone else can step in
> about use of OCSP/CRL or I need to go off for some research.

Opera 8+ uses OCSP checking by default for the site certificate, provided  
that the CA supports. In 9.x various errors result in a lowering of the  
security level, but no warning or error (as opposed to 8.5x). This  
modification was done because of stability problems on several OCSP  
responders during 2006.

AFAIK, IE7 for Vista also uses OCSP and/or CRL by default. I do not think  
MS activated it in IE7 for XP (separate components). IE6 have the ability,  
but it is disabled by default.

Mozilla/firefox have the capability to check OCSP and (AFAIK, limited)  
CRL, but I am unsure about whether or not they have enabled it in FF2 (it  
is not enabled by default in 1.x)

Revocation checking is part of the Extended Validation checks performed by  
the browser. See http://cabforum.org for more on that.



-- 
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************
Received on Thursday, 28 December 2006 00:36:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:44 GMT