On 1/21/2018 9:50 AM, Ryan Sleevi wrote: > I couldn’t find that listed in the CP/CPS as where to report problems. > Instead, I see a different email listed. > > What made you decide to ignore the CP/CPS, which is where CAs list their > problem reporting mechanisms? > > Given that a CA’s CP/CPS applies to their hierarchy and issuance practices, > not a single certificate, and given that past discussions on this list have > specifically called out the CP/CPS as the place to determine problem > reporting mechanisms, it does seem unreasonable to expect arbitrary > reporting mechanisms to get the same attention as the defined mechanisms.
At the time I tried reporting the problem, I forgot that Google had a pending request to add its root to NSS. When I checked the Certificate Manager list of Authorities in my browser, Google did not appear. In any case, this OCSP problem still makes me question Google's ability to manage a certification authority. As a prior reply in this thread indicates, it took two days for Google to even acknowledge there is a problem. As of right now, it appears the problem has been fixed. With both checkboxes checked under OCSP at [Edit > Preferences > Privacy & Security > Certificates], I am now able to reach Google Web sites. -- David E. Ross <http://www.rossde.com/> President Trump: Please stop using Twitter. We need to hear your voice and see you talking. We need to know when your message is really your own and not your attorney's. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
