[cabfpub] Web Security Context: User Interface Guidelines
gerv at mozilla.org
Wed Sep 19 09:05:28 UTC 2012

On 18/09/12 18:46, Rick Andrews wrote:
>>> negotiation, the end-entity certificate presented or one of the
>>> intermediate certificates in the certificate chain are found to
>>> have been revoked, error signaling of class danger (6.4.3 Danger
>>> Messages) MUST be used."
>> Do you think that Firefox doesn't do that?
> Back in June there was a thread about revocation checking in Firefox
> in which you and Bob Relyea indicated that FF uses two different
> libraries, and one of those libraries did not check intermediates.

The text says "are found to have been revoked". It's a UI document, not
a document which mandates revocation checking. If Firefox finds a
certificate to be revoked, it always signals an error, and so complies
with this document. Your beef, as I understand it, is that it's possible
for Firefox not to find a certificate revoked which has, in fact, been
revoked, because it doesn't check (in the case of intermediates).

You are already aware that we are working to improve our story in this
area, as I have said before.