Hi, > I'm getting an OCSP response "unauthorized" for a certificate that is > still within the validity period. > > Is discussing such events of interest for public discussion, or should > it rather be reported to the CA in private?
I say go ahead, this is after all about observations. FWIW, I have a list of CAs here that send some weird replies and I can show their OCSPs have lapses from time to time... Ralph -- Ralph Holz I8 - Network Architectures and Services Technische Universität München http://www.net.in.tum.de/de/mitarbeiter/holz/ Phone +49.89.289.18043 PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF
