[caops-wg] OCSP & Proxy Certs
Olle Mulmo
mulmo at pdc.kth.se
Sun Jan 29 15:47:20 CST 2006
On Jan 29, 2006, at 13:57, Cowles, Robert D. wrote:
> For what it's worth, there seem to be a number of wireless
> providers in airports, etc. that I'm seeing recently who
> are supplying OCSP information that Firefox chokes on and
> so it won't allow me connect to the site.
I think what you are getting at is the common Catch-22 situation
where the wireless provider redirects any HTTP access to the payment
portal until you have paid the access fee. Of course, the payment is
secured using an SSL channel, Firefox tries to contact the Verisign
OCSP responder in order to verify certificate status -- and retrieves
a second set of the portal HTML pages instead of an OCSP reply.
An implementation/configuration issue, which would disappear quickly
had OCSP status checking actually been in use...
/Olle
More information about the caops-wg
mailing list