W3C home > Mailing lists > Public > public-xg-webid@w3.org > March 2011

Re: report on EV and SSL MITM proxying

From: Yngve N. Pettersen (Developer Opera Software ASA) <yngve@opera.com>
Date: Tue, 22 Mar 2011 02:52:13 +0100
To: public-xg-webid@w3.org
Message-ID: <op.vsp15bcjqrq7tp@acorna.invalid.invalid>
On Mon, 21 Mar 2011 16:47:41 +0100, peter williams <home_pw@msn.com> wrote:

> If I am online, I may see a green address bar behind the address of an EV
> site. If I disconnect my home wifi router from its supporting broadband
> modem and then refresh the browser page on the home PC, the same site  
> will
> now appear not green (since revocation info is now "not available" for  
> the
> non-root cert).

Depends on the cache validity of the responses; and the determination is  
only done during a full TLS handshake; if you're disconnected there will  
be no negotiation

> Assume the AIA field in the user cert uses OCSP, and no CRL caches exist.
>
> If there are multiple browser instances open on the PC, some with pages
> refreshed some not, presumably some address bars for the one site are  
> green,
> some are not. Or, do browser instances in a PC sync their security state,
> and show a consistent set of green/not-green address bars?


For Opera, each browser instance (separate process) is on its own (might  
be tempered by a caching proxy), this probably applies to most browsers,  
possibly also MSIE


-- 
Sincerely,
Yngve N. Pettersen
********************************************************************
Senior Developer		     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 23 69 32 60              Fax:    +47 23 69 24 01
********************************************************************
Received on Tuesday, 22 March 2011 01:52:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 22 March 2011 01:52:43 GMT