> On Aug 8, 2017, at 10:29, identrust--- via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
>
> On Monday, August 7, 2017 at 4:47:39 PM UTC-4, Jonathan Rudenberg wrote:
>> “IdenTrust ACES CA 2” has issued five certificates with an OCSP responder
>> URL that has an HTTPS URI scheme. This is not valid, the OCSP responder URI
>> is required to have the plaintext HTTP scheme according to Baseline
>> Requirements section 7.1.2.2(c).
>>
>> Here’s the list of certificates: https://misissued.com/batch/4/
>>
>> Jonathan
>
> IdenTrust had previously interpreted HTTP to be inclusive of HTTPS in this
> context. That being said, we have altered our profiles for certificates
> issued under this Sub CA to include only HTTP OCSP URLs. All certificates
> issued going forward will contain an HTTP OCSP URL. We will also examine all
> other sub CAs to ensure only HTTP OCSP URLs are included. Thank you for
> giving us an opportunity to address this with the community.

Thanks for the update. Can you also clarify why the subject organizationName is “U.S. Government” for all of these certificates, despite the other subject fields indicating organizations that are not a component of the US Government?

Jonathan
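
An added example, not part of the thread or of any participant's tooling: a lint that walks the DER value of an Authority Information Access extension and reports OCSP responder URIs whose scheme is not plaintext `http`, the condition raised above. The function names, the small encoder and the `example.test` URLs are constructed for illustration; extracting the extension value from a full certificate is assumed to happen elsewhere.

```python
from urllib.parse import urlsplit

OID_OCSP = bytes.fromhex("2b06010505073001")        # id-ad-ocsp, 1.3.6.1.5.5.7.48.1
OID_CA_ISSUERS = bytes.fromhex("2b06010505073002")  # id-ad-caIssuers, 1.3.6.1.5.5.7.48.2

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def ocsp_uris(aia_der):
    """Extract id-ad-ocsp URIs from a DER AuthorityInfoAccessSyntax value."""
    tag, body, _ = read_tlv(aia_der, 0)
    if tag != 0x30:
        raise ValueError("AIA value is not a SEQUENCE")
    uris, pos = [], 0
    while pos < len(body):
        tag, desc, pos = read_tlv(body, pos)        # one AccessDescription
        if tag != 0x30:
            raise ValueError("AccessDescription is not a SEQUENCE")
        _, method, p = read_tlv(desc, 0)            # accessMethod (OID)
        loc_tag, loc, _ = read_tlv(desc, p)         # accessLocation (GeneralName)
        if method == OID_OCSP and loc_tag == 0x86:  # [6] uniformResourceIdentifier
            uris.append(loc.decode("ascii"))
    return uris

def non_http_ocsp_uris(aia_der):
    """Return OCSP responder URIs whose scheme is anything but plaintext http."""
    return [u for u in ocsp_uris(aia_der) if urlsplit(u).scheme.lower() != "http"]

def tlv(tag, value):
    """Tiny DER encoder for the constructed samples (values under 256 bytes)."""
    n = len(value)
    return (bytes([tag, n]) if n < 128 else bytes([tag, 0x81, n])) + value

def build_aia(ocsp_url, issuer_url):
    """Build a constructed AIA value with one OCSP and one caIssuers entry."""
    ocsp = tlv(0x30, tlv(0x06, OID_OCSP) + tlv(0x86, ocsp_url.encode("ascii")))
    issuer = tlv(0x30, tlv(0x06, OID_CA_ISSUERS) + tlv(0x86, issuer_url.encode("ascii")))
    return tlv(0x30, ocsp + issuer)

# Constructed samples: one AIA value with an https OCSP URI, one with http.
SAMPLE_BAD = build_aia("https://ocsp.example.test/", "http://ca.example.test/ca.cer")
SAMPLE_GOOD = build_aia("http://ocsp.example.test/", "http://ca.example.test/ca.cer")
```
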