Le mercredi 7 janvier 2015 22:25:00 UTC+1, Kathleen Wilson a écrit : > China Financial Certification Authority (CFCA) has applied to include > the "CFCA EV ROOT" root certificate, turn on the websites trust bit, and > enable EV treatment. [...] > * Root Cert: https://bugzilla.mozilla.org/attachment.cgi?id=8356494 > > * Test Website: https://pub.cebnet.com.cn > > * OCSP > http://ocsp.cfca.com.cn/ocsp/ > CPS 4.8.9: The maximum validity period for OCSP response does not exceed > 7 days.
Sorry for the delay. Getting the CRL issued by "CFCA EV ROOT" shows 2 revoked certificates (serial numbers 0x844543D3B8 and 0xE6A7F45CF7). When requesting the OCSP for the status of these serial numbers, the OCSP responder replies with an "unknown" status. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy