Browsers by default just ignore any OCSP error. So while the browser
might have seen an error getting the OCSP reply, the user is not aware
of it.
And why Browsers do ignore OCSP errors? Because some CA don't take OCSP
errors seriously.
So yes, it has an impact: it comfort Browsers in that s
On Fri, 15 May 2020 10:13:01 -0400
Lee via dev-security-policy
wrote:
> How is this situation different from the time when the google ocsp
> service was down?
Maybe some clarification here:
The Google OCSP was the OCSP for end entity certificates.
The Identrust OCSP was the OCSP server for inter
On 5/15/20, Peter Gutmann via dev-security-policy
wrote:
> Hanno Böck writes:
>
>>The impact it had was a monitoring system that checked whether the
>>certificate of a host was okay, using gnutls-cli with ocsp enabled (which
>>also uncovered a somewhat unexpected inconsistency in how the gnutls c
On 2020-05-15 08:47, Peter Gutmann wrote:
Hanno Böck writes:
The impact it had was a monitoring system that checked whether the
certificate of a host was okay, using gnutls-cli with ocsp enabled (which
also uncovered a somewhat unexpected inconsistency in how the gnutls cli tool
behaves[1]).
Hanno Böck writes:
>The impact it had was a monitoring system that checked whether the
>certificate of a host was okay, using gnutls-cli with ocsp enabled (which
>also uncovered a somewhat unexpected inconsistency in how the gnutls cli tool
>behaves[1]).
Sure, but if the only impact was on a spe
On Wed, May 13, 2020 at 12:12 AM Peter Gutmann
wrote:
> Ryan Sleevi writes:
>
> >>Following up on this, would it be correct to assume that, since no-one
> has
> >>pointed out any impact that this had on anything, that it's more a
> >>certificational issue than anything with real-world consequenc
On Wed, 13 May 2020 02:29:07 +
Peter Gutmann via dev-security-policy
wrote:
> Following up on this, would it be correct to assume that, since
> no-one has pointed out any impact that this had on anything, that
> it's more a certificational issue than anything with real-world
> consequences?
Ryan Sleevi writes:
>>Following up on this, would it be correct to assume that, since no-one has
>>pointed out any impact that this had on anything, that it's more a
>>certificational issue than anything with real-world consequences?
>
>That seems quite a suppositional leap, don't you think?
It'
On Tue, May 12, 2020 at 10:29 PM Peter Gutmann via dev-security-policy
wrote:
>
> >Just to understand the scope of this, what was the impact on end users?
>
> Following up on this, would it be correct to assume that, since no-one has
> pointed out any impact that this had on anything, that it's mo
>Just to understand the scope of this, what was the impact on end users?
Following up on this, would it be correct to assume that, since no-one has
pointed out any impact that this had on anything, that it's more a
certificational issue than anything with real-world consequences?
Peter.
_
Just an FYI - I've also started a thread on the CA/Browser Forum list to
see about establishing OCSP uptime requirements in the Baseline
Requirements.
On Mon, May 11, 2020 at 5:45 AM Kurt Roeckx via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 2020-05-08 21:03, Wayne T
On 2020-05-08 21:03, Wayne Thayer wrote:
It was recently reported [1] that IdenTrust experienced a multi-day OCSP
outage about two weeks ago. Other recent OCSP issues have resulted in
incident reports [3][4], so I am concerned that IdenTrust didn't report
this, and I created a bug [5] to ensure t
Wayne Thayer via dev-security-policy
writes:
>It was recently reported [1] that IdenTrust experienced a multi-day OCSP
>outage about two weeks ago.
Just to understand the scope of this, what was the impact on end users? If it
went on for multiple days then presumably no-one noticed it, the sec
It was recently reported [1] that IdenTrust experienced a multi-day OCSP
outage about two weeks ago. Other recent OCSP issues have resulted in
incident reports [3][4], so I am concerned that IdenTrust didn't report
this, and I created a bug [5] to ensure that we track the issue (assuming
the report
14 matches
Mail list logo
