- From: Yngve N. Pettersen <yngve@opera.com>
- Date: Thu, 28 Dec 2006 01:36:01 +0100
- To: "Doyle, Bill" <wdoyle@mitre.org>, "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
- Cc: public-wsc-wg@w3.org
On Wed, 27 Dec 2006 22:18:10 +0100, Doyle, Bill <wdoyle@mitre.org> wrote: > > > It has been fun and interesting working this thread and thanks for > helping me see some of the issues. Hope that someone else can step in > about use of OCSP/CRL or I need to go off for some research. Opera 8+ uses OCSP checking by default for the site certificate, provided that the CA supports. In 9.x various errors result in a lowering of the security level, but no warning or error (as opposed to 8.5x). This modification was done because of stability problems on several OCSP responders during 2006. AFAIK, IE7 for Vista also uses OCSP and/or CRL by default. I do not think MS activated it in IE7 for XP (separate components). IE6 have the ability, but it is disabled by default. Mozilla/firefox have the capability to check OCSP and (AFAIK, limited) CRL, but I am unsure about whether or not they have enabled it in FF2 (it is not enabled by default in 1.x) Revocation checking is part of the Extended Validation checks performed by the browser. See http://cabforum.org for more on that. -- Sincerely, Yngve N. Pettersen ******************************************************************** Senior Developer Email: yngve@opera.com Opera Software ASA http://www.opera.com/ Phone: +47 24 16 42 60 Fax: +47 24 16 40 01 ********************************************************************
Received on Thursday, 28 December 2006 00:36:10 UTC