On Tue, 14 Apr 2020 13:13:59 -0700 Andy Warner via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> From 2020-04-08 16:25 UTC to 2020-04-09 05:40 UTC, Google Trust
> Services' EJBCA based CAs (GIAG4, GIAG4ECC, GTSY1-4) served empty
> OCSP data which led the OCSP responders to return unauthorized.

No new lessons for CAs here in general, but I think this incident is worth highlighting as an example to OCSP Stapling implementations. It is desirable (not technically required in the standard, but necessary to a robust implementation) that your software should not be adversely affected by an outage like this. Mistakes will happen, and good software can and thus should allow for them without introducing cascading failure.

Specifically: You should cache your stapled GOOD answers in durable storage if practical, and when periodically refreshing you should report non-GOOD answers to the operator (e.g. logging them as an ERROR condition) but always continue to present clients with the last GOOD answer until it actually expires even if you receive newer non-GOOD OCSP responses.

Nick.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
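The refresh policy Nick describes (persist the last GOOD response, log anything else at ERROR, keep serving the cached GOOD until its nextUpdate passes) as an added worked example. This is not code from the thread or from any stapling implementation; it models the responder as a callable that returns a constructed record instead of parsing real OCSP DER, so it runs offline, and the names `OcspResult`, `StapleCache` and `run_demo` are assumptions. The `run_demo` scenario (one good refresh, a window of `unauthorized` answers and a timeout, recovery, then the staple ageing out) is constructed to mirror the outage window above, not taken from real responder traffic.

```python
"""OCSP staple cache that tolerates a responder outage (added example)."""
import json
import logging
import os
import tempfile
import time
from dataclasses import dataclass
from typing import Callable, List, Optional

log = logging.getLogger("ocsp-staple")

# Assumed response categories. "unauthorized" is the OCSPResponseStatus the
# responders returned during the outage; "malformed" stands in for anything
# that failed to parse or verify.
GOOD, REVOKED, UNKNOWN, UNAUTHORIZED, MALFORMED = (
    "good", "revoked", "unknown", "unauthorized", "malformed")


@dataclass
class OcspResult:
    status: str                # one of the constants above
    der: bytes = b""           # raw response bytes we would staple (constructed here)
    this_update: float = 0.0   # thisUpdate as seconds since epoch
    next_update: float = 0.0   # nextUpdate as seconds since epoch


class StapleCache:
    """Holds the last GOOD response on disk; only a newer GOOD replaces it."""

    def __init__(self, path: str, now: Callable[[], float] = time.time):
        self.path, self.now = path, now
        self._rec: Optional[dict] = None
        if os.path.exists(path):             # durable storage: survives restarts
            with open(path) as f:
                self._rec = json.load(f)

    def _persist(self, rec: dict) -> None:
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(rec, f)
        os.replace(tmp, self.path)           # atomic rename: never a torn file
        self._rec = rec

    def current_staple(self) -> Optional[bytes]:
        """Staple to hand to clients now, or None once the GOOD has expired."""
        rec = self._rec
        if rec is None or rec["next_update"] <= self.now():
            return None
        return bytes.fromhex(rec["der_hex"])

    def refresh(self, fetch: Callable[[], OcspResult]) -> Optional[bytes]:
        """One periodic refresh round; returns what to serve afterwards."""
        try:
            res = fetch()
        except Exception as exc:             # unreachable responder, timeout, etc.
            log.error("OCSP fetch failed: %s; keeping cached staple", exc)
            return self.current_staple()
        now = self.now()
        if res.status == GOOD and res.this_update <= now < res.next_update:
            # Only move forward in time: a replayed older GOOD must not
            # displace a fresher one we already hold.
            if self._rec is None or res.this_update >= self._rec["this_update"]:
                self._persist({"der_hex": res.der.hex(),
                               "this_update": res.this_update,
                               "next_update": res.next_update})
        elif res.status == GOOD:
            log.error("GOOD response outside its validity window; ignored")
        elif res.status == REVOKED:
            # Still serve the cached GOOD per the advice above, but a real
            # REVOKED means the certificate must be replaced: page someone.
            log.error("responder reports REVOKED; operator action required")
        else:
            log.error("non-GOOD OCSP response (%s); keeping last GOOD", res.status)
        return self.current_staple()


def run_demo() -> List[Optional[bytes]]:
    """Constructed outage timeline; returns the staple served each round."""
    day = 86400.0
    t0 = 1_000_000.0
    clock = [t0]
    good1 = OcspResult(GOOD, b"GOOD-1", t0, t0 + 7 * day)
    good2 = OcspResult(GOOD, b"GOOD-2", t0 + 3 * day, t0 + 10 * day)

    def unreachable() -> OcspResult:
        raise ConnectionError("responder timeout")

    schedule = [
        (0 * day, lambda: good1),                       # normal refresh
        (1 * day, lambda: OcspResult(UNAUTHORIZED)),    # outage: empty data
        (2 * day, unreachable),                         # responder down
        (3 * day, lambda: good2),                       # service restored
        (11 * day, lambda: OcspResult(UNAUTHORIZED)),   # good2 now expired
    ]
    served = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "staple.json")
        for offset, fetch in schedule:
            clock[0] = t0 + offset
            # Fresh object each round, as after a restart: must reload from disk.
            cache = StapleCache(path, now=lambda: clock[0])
            served.append(cache.refresh(fetch))
    return served


if __name__ == "__main__":
    print(run_demo())
```

The shape worth copying is the last round: once the cached GOOD reaches nextUpdate and no newer GOOD has arrived, the cache returns None and the server falls back to sending no staple rather than a stale or non-GOOD one. Anything that would make the server staple an `unauthorized` response or drop the staple mid-outage is the cascading failure the message warns about.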