Hi,
On Mon, 11 May 2020 10:53:26 +0200
Hanno Böck via dev-security-policy
wrote:
> I did some checks on certificates and their AIA sections and noticed
> that several Microsoft certificates were referencing intermediate
> certificates in the "CA Issuer" field that give a 403 error.
>
>
On Mon, May 11, 2020 at 02:50:19PM +, Corey Bonnell via dev-security-policy
wrote:
> > * Are there rules that CAs must adhere to in regards to referencing the
> > intermediate in the AIA field? Does it need to be available? Does it
> > need to be there at all?
>
> It's optional
Just an FYI - I've also started a thread on the CA/Browser Forum list to
see about establishing OCSP uptime requirements in the Baseline
Requirements.
On Mon, May 11, 2020 at 5:45 AM Kurt Roeckx via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 2020-05-08 21:03, Wayne
Hi,
As I mentioned in my previous mail I found some instances of CAs
pointing to PEM encoded certificates in their AIA fields, while they
should be DER encoded.
I found such instances for 4 CAs, I'll list them with one example cert
and the URL of the referenced intermediate.
> * Are there rules that CAs must adhere to in regards to referencing the
> intermediate in the AIA field? Does it need to be available? Does it
> need to be there at all?
It's optional (SHOULD-level), as Baseline Requirements 7.1.2.3 (c) [1] states:
It (AIA extension) SHOULD also
Hi,
I have been doing some checks on certificates with the AIA Issuers
field. I already reported certificates with a 403 error on the HTTP URL
of the intermediate (see earlier mail).
Now there's more stuff to be found and I'm wondering:
* Are there rules that CAs must adhere to in regards to
On 2020-05-08 21:03, Wayne Thayer wrote:
It was recently reported [1] that IdenTrust experienced a multi-day OCSP
outage about two weeks ago. Other recent OCSP issues have resulted in
incident reports [3][4], so I am concerned that IdenTrust didn't report
this, and I created a bug [5] to ensure
I did some checks on certificates and their AIA sections and noticed
that several Microsoft certificates were referencing intermediate
certificates in the "CA Issuer" field that give a 403 error.
http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%201.crt