The default setting in Firefox (and possibly safari) is to use OCSP for validation of certificates where OCSP is referenced. The *.ietf.org certificate has as part of the Authority Information Field the value; OCSP: URI: http://ocsp.starfieldtech.com This url is unreachable from many non-US sites, for reasons known only to Godaddy I presume. The pragmatic workaround in firefox is to set the option to not using OCSP for certificate validation. Geoff Alexa Morris wrote: > As soon as the SSL problem was reported, AMS performed additional testing on > many different computers. However, we were unable to duplicate this problem. > If someone else experiences this issue and is concerned, please send an > email ietf-action@xxxxxxxxx Alternatively, please feel free to contact me > directly at any time. > > Regards, > Alexa > > > ----------- > Alexa Morris / Executive Director / IETF > 48377 Fremont Blvd., Suite 117, Fremont, CA 94538 > Phone: +1.510.492.4089 / Fax: +1.510.492.4001 > Email: amorris@xxxxxxxx > > Managed by Association Management Solutions (AMS) > Forum Management, Meeting and Event Planning > www.amsl.com <http://www.amsl.com/> > > > On 2/20/08 10:45 AM, "James Galvin" <galvin+ietf@xxxxxxxxxx> wrote: > >> AMS obtains certificates for their clients from Starfield >> Technologies: >> >> <http://www.starfieldtech.com/> >> >> Do you have a concern about this choice or is your concern about >> the fact that your browser didn't accept the certificate by default? >> >> If you have a concern about this choice it would help if you could >> be specific about what that is. Their web site seems pretty >> complete to me so any one of us could "check them out." I think we >> need to trust AMS to make a good choice unless we can identify an >> issue. >> >> As far your browser not accepting the certificate, I'm sure you >> realize there a lot of reasons that could happen including the >> latest version of Safari "missing" a particular root certificate. >> >> Jim >> >> >> >> >> >> -- On Wednesday, February 20, 2008 6:04 PM +0100 Iljitsch van >> Beijnum <iljitsch@xxxxxxxxx> wrote regarding amsl.com certificate? >> -- >> >>> I just registered for IETF-71 and tried to pay. I wasn't bothered >>> too much when I got an SSL warning for the former, but I >>> hesitate to proceed with the latter, which is also under the >>> amsl.com domain. >>> >>> My browser (the latest version of Safari on the Mac) complains >>> that the issuer of the certificate is untrusted. That would be >>> Starfield Secure Certification Authority. >>> >>> Is this a CA in good standing that we should trust? >>> >>> Iljitsch >> _______________________________________________ >> Ietf mailing list >> Ietf@xxxxxxxx >> http://www.ietf.org/mailman/listinfo/ietf >> > > > _______________________________________________ > IETF mailing list > IETF@xxxxxxxx > http://www.ietf.org/mailman/listinfo/ietf > _______________________________________________ IETF mailing list IETF@xxxxxxxx http://www.ietf.org/mailman/listinfo/ietf