On 3/13/14, 3:23 AM, Adriano Santoni - Actalis S.p.A. wrote:
See below:

On 13/03/2014 01:09, Erwann Abalea wrote:
When requesting the OCSP responder to check the subscriber certificate
(thus signed by the intermediate), the response contains a self-signed
certificate for your intermediate CA, instead of the "root-issued"
genuine one. Why? It can make some software reject your responses
(even if they shouldn't).

Right. We will fix it shortly.

The authorized OCSP responders' certificates don't contain the
mandatory OCSPNoCheck extension (BR 1.1, section 13.2.5).

We forgot that extension, will reissue the responder certificate at the
earliest.


Please let us know when these have been addressed.


Does anyone else have feedback on this request from Actalis to enable EV treatment for the “Actalis Authentication Root CA” root certificate?


Thanks,
Kathleen


_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
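
Added example, not part of the original thread and not Actalis or Mozilla code: one way to check a delegated OCSP responder certificate for the id-pkix-ocsp-nocheck extension discussed above, alongside the id-kp-OCSPSigning EKU. It assumes the third-party Python "cryptography" package; the helper names and the self-signed sample certificates are constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID


def make_sample_responder_cert(with_nocheck):
    """Build a constructed, self-signed stand-in for a delegated responder cert."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed OCSP Responder")])
    start = datetime.datetime(2014, 3, 13)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(start)
        .not_valid_after(start + datetime.timedelta(days=30))
        .add_extension(x509.ExtendedKeyUsage([ExtendedKeyUsageOID.OCSP_SIGNING]), critical=False)
    )
    if with_nocheck:
        builder = builder.add_extension(x509.OCSPNoCheck(), critical=False)
    return builder.sign(key, hashes.SHA256())


def audit_responder_cert(cert):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    try:
        eku = cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
        if ExtendedKeyUsageOID.OCSP_SIGNING not in eku:
            findings.append("EKU lacks id-kp-OCSPSigning")
    except x509.ExtensionNotFound:
        findings.append("no extendedKeyUsage extension")
    try:
        cert.extensions.get_extension_for_class(x509.OCSPNoCheck)
    except x509.ExtensionNotFound:
        findings.append("missing id-pkix-ocsp-nocheck")
    return findings


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, audit_responder_cert(make_sample_responder_cert(flag)))
```

To audit a real responder certificate, load it with x509.load_pem_x509_certificate() and pass the result to audit_responder_cert().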
