- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Thu, 28 Dec 2006 19:28:05 +0000
- To: "Yngve N. Pettersen" <yngve@opera.com>
- CC: public-wsc-wg@w3.org
Yngve N. Pettersen wrote: > I know that Verisign/Thawte and GoDaddy are both issuing certificates > with the OCSP information. I am unsure about other CAs but support is > picking up, and OCSP support is required by the current EV guidelines > draft for certificates issued after 2010. Thanks. So currently there's probably a v. small but growing set of SSL sessions that involve revocation checking and one could expect that set to become significant in a couple of years. Sounds like a reasonable thing to take into account later. Anyone know if there're any other schemes similar to the EV stuff? If there were, say, a similar scheme for pharma companies (I could imagine that at least), then we should consider the EV scheme as one amongst many, albeit perhaps the most significant one. The current "green bar" model doesn't seem very extensible if there will be more EV-type schemes that count. > And roughly speaking we get at about one report a month about sites with > revoked certificates that are still using the revoked certificate for > some reason. > > Such reports are so frequent that I posted an article titled "Is that > website still in business?" <URL: > http://my.opera.com/yngve/blog/show.dml/508407 > about the background > for the error and how difficult it can be to get it fixed. Nice article! S.
Received on Thursday, 28 December 2006 19:27:28 UTC