[cabfpub] insanity::pkix documentation

Rick Andrews Rick_Andrews at symantec.com
Wed Oct 9 20:03:39 UTC 2013


Thanks for sending this. The only item that gave me pause was the note about no support for CRLs, and the sentence: "The CABForum Extended Validation guidelines now require OCSP support, so Firefox no longer needs to process CRLs for EV certificates."

The EV Guidelines today require OCSP support (inherited from the BRs) but isn't it possible that there are some EV and non-EV certs out there today without an AIA pointer that were issued before the relevant requirements made OCSP mandatory? We (Symantec) haven't issued any such certs, but I thought others might have.


> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org]
> On Behalf Of Gervase Markham
> Sent: Wednesday, October 09, 2013 12:15 PM
> To: CABFPub
> Subject: [cabfpub] insanity::pkix documentation
> Hi everyone,
> At the face-to-face, people asked for documentation on insanity::pkix.
> I hope the attached goes some way to meeting that need. Note that it's
> a
> 0.1 draft; it is being circulated for information and in the hope that
> it helps.
> The code can be found here:
> https://hg.mozilla.org/users/brian_briansmith.org/certverifier
> It's not the very latest, but it should give you a good idea. Also see
> Mozilla bug 878932 and related bugs.
> https://bugzilla.mozilla.org/show_bug.cgi?id=878932
> Gerv

More information about the Public mailing list