Re: report on EV and SSL MITM proxying

On Mon, 21 Mar 2011 16:47:41 +0100, peter williams <> wrote:

> If I am online, I may see a green address bar behind the address of an EV
> site. If I disconnect my home wifi router from its supporting broadband
> modem and then refresh the browser page on the home PC, the same site will
> now appear not green (since revocation info is now "not available" for the
> non-root cert).

Depends on the cache validity of the responses; and the determination is
only done during a full TLS handshake; if you're disconnected there will
be no negotiation.

> Assume the AIA field in the user cert uses OCSP, and no CRL caches exist.
> If there are multiple browser instances open on the PC, some with pages
> refreshed some not, presumably some address bars for the one site are green,
> some are not. Or, do browser instances in a PC sync their security state,
> and show a consistent set of green/not-green address bars?

For Opera, each browser instance (separate process) is on its own (might
be tempered by a caching proxy); this probably applies to most browsers,
possibly also MSIE.

Received on Tuesday, 22 March 2011 01:52:42 UTC