- From: Yngve N. Pettersen <yngve@opera.com>
- Date: Thu, 28 Dec 2006 19:09:37 +0100
- To: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
- Cc: public-wsc-wg@w3.org
On Thu, 28 Dec 2006 16:05:46 +0100, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > I realise that the browsers are getting pretty good at including > the ability to do OSCP but my question remains as to how often that > actually happens. > > Presumably the ssl-server-cert has to include the relevant AIA > extension to trigger this? I've no good feeling for how common > that extension is in certs, nor for whether or not any inerop > issues have arisen with it - do you know? I know that Verisign/Thawte and GoDaddy are both issuing certificates with the OCSP information. I am unsure about other CAs but support is picking up, and OCSP support is required by the current EV guidelines draft for certificates issued after 2010. And roughly speaking we get at about one report a month about sites with revoked certificates that are still using the revoked certificate for some reason. Such reports are so frequent that I posted an article titled "Is that website still in business?" <URL: http://my.opera.com/yngve/blog/show.dml/508407 > about the background for the error and how difficult it can be to get it fixed. -- Sincerely, Yngve N. Pettersen ******************************************************************** Senior Developer Email: yngve@opera.com Opera Software ASA http://www.opera.com/ Phone: +47 24 16 42 60 Fax: +47 24 16 40 01 ********************************************************************
Received on Thursday, 28 December 2006 18:09:48 UTC