top | item 13496646

(no title)

rmhrisk | 9 years ago

Some PKI-related services can not, due to user agent behaviors and, do SSL, for example, consider OCSP; if to fetch an OCSP request you need to do an SSL connection and the library doing SSL does an OCSP check to verify the SSL cert you can end up in an infinite loop.

While it would be ideal for that not to be the case, one has to build out infrastructure that supports the way UAs behave today.

discuss

No comments yet.