CA/Required or Recommended Practices: Difference between revisions

Jump to navigation Jump to search

CA/Required or Recommended Practices (view source)

Revision as of 18:20, 28 June 2010

4 bytes removed ,  28 June 2010
m
→‎OCSP
Line 54: Line 54:
CAs are expected to comply with the current EV Guidelines of the [http://www.cabforum.org/ CA/B Forum.]
CAs are expected to comply with the current EV Guidelines of the [http://www.cabforum.org/ CA/B Forum.]


Section 11.1.1 of the [http://www.cabforum.org/Guidelines_v1_2.pdf version 1.2 of the EV Guidelines] says: ''It is strongly RECOMMENDED that all CAs support OCSP when a majority of deployed Web servers support the TLS 1.0 extension in accordance to RFC 3546, to return “stapled” OCSP responses to EV-enabled applications. CAs MUST support an OCSP capability for Subscriber Certificates that are issued after Dec 31, 2010.''
Section 11.1.1 of [http://www.cabforum.org/Guidelines_v1_2.pdf version 1.2 of the EV Guidelines] says: ''It is strongly RECOMMENDED that all CAs support OCSP when a majority of deployed Web servers support the TLS 1.0 extension in accordance to RFC 3546, to return “stapled” OCSP responses to EV-enabled applications. CAs MUST support an OCSP capability for Subscriber Certificates that are issued after Dec 31, 2010.''


RFC 2560, sections 2.2, 2.6, 3.2 and 4.2.2.2 define the requirements for the OCSP response signer's certificate and certificate chain. NSS enforces these requirements exactly.
RFC 2560, sections 2.2, 2.6, 3.2 and 4.2.2.2 define the requirements for the OCSP response signer's certificate and certificate chain. NSS enforces these requirements exactly.
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/234304"

Navigation menu