Hello Ryan, I’m fully understanding your argumentative line, but I’d still have a question for you:
Does the operator of a root and it’s hierarchy have the right to delegate OCSP responses to its own responders? If your answer is “No”, then I don’t have anything else to say, but if your answer is “Yes”, then I’ll be having still a hard time to see the security risk derived of this issue. Thanks. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy