Re: AIA CA Issuers URL gives 403 (Microsoft)

2020-05-11 Thread Hanno Böck via dev-security-policy
Hi,

On Mon, 11 May 2020 10:53:26 +0200 Hanno Böck via dev-security-policy wrote:
> I did some checks on certificates and their AIA sections and noticed
> that several Microsoft certificates were referencing intermediate
> certificates in the "CA Issuer" field that give a 403 error.
>
>

Re: AIA CA Issuers field

2020-05-11 Thread Matt Palmer via dev-security-policy
On Mon, May 11, 2020 at 02:50:19PM +, Corey Bonnell via dev-security-policy wrote:
> > * Are there rules that CAs must adhere to in regards to referencing the
> > intermediate in the AIA field? Does it need to be available? Does it
> > need to be there at all?
>
> It's optional

Re: Mozilla's Expectations for OCSP Incident Reporting

2020-05-11 Thread Ben Wilson via dev-security-policy
Just an FYI - I've also started a thread on the CA/Browser Forum list to see about establishing OCSP uptime requirements in the Baseline Requirements.

On Mon, May 11, 2020 at 5:45 AM Kurt Roeckx via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> On 2020-05-08 21:03, Wayne

AIA CA Issuer field pointing to PEM encoded certs

2020-05-11 Thread Hanno Böck via dev-security-policy
Hi, As I mentioned in my previous mail I found some instances of CAs pointing to PEM encoded certificates in their AIA fields, while they should be DER encoded. I found such instances for 4 CAs, I'll list them with one example cert and the URL of the referenced intermediate.

RE: AIA CA Issuers field

2020-05-11 Thread Corey Bonnell via dev-security-policy
> * Are there rules that CAs must adhere to in regards to referencing the
> intermediate in the AIA field? Does it need to be available? Does it
> need to be there at all?

It's optional (SHOULD-level), as Baseline Requirements 7.1.2.3 (c) [1] states: It (AIA extension) SHOULD also

AIA CA Issuers field

2020-05-11 Thread Hanno Böck via dev-security-policy
Hi, I have been doing some checks on certificates with the AIA Issuers field. I already reported certificates with a 403 error on the HTTP url of the intermediate (see earlier mail). Now there's more stuff to be found and I'm wondering: * Are there rules that CAs must adhere to in regards to

Re: Mozilla's Expectations for OCSP Incident Reporting

2020-05-11 Thread Kurt Roeckx via dev-security-policy
On 2020-05-08 21:03, Wayne Thayer wrote: It was recently reported [1] that IdenTrust experienced a multi-day OCSP outage about two weeks ago. Other recent OCSP issues have resulted in incident reports [3][4], so I am concerned that IdenTrust didn't report this, and I created a bug [5] to ensure

AIA CA Issuers URL gives 403 (Microsoft)

2020-05-11 Thread Hanno Böck via dev-security-policy
I did some checks on certificates and their AIA sections and noticed that several Microsoft certificates were referencing intermediate certificates in the "CA Issuer" field that give a 403 error. http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%201.crt
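The two findings in Hanno's posts (a caIssuers URL that answers 403, and a caIssuers URL that serves a PEM block where RFC 5280 section 4.2.2.1 requires a DER-encoded certificate) are easy to check mechanically. The script below is an added example for this page, not code from any of the posters; it uses only the Python standard library. It walks the DER of an AuthorityInfoAccess extension value to pull out the caIssuers URIs, then classifies what a fetched body actually is. The certificate bytes, the AIA extension and the HTTP responses in it are constructed for the example (the `ca.example` URLs are hypothetical); a live run would replace `SAMPLE_RESPONSES` with the output of `fetch()`.

```python
# Added example: check what an AIA caIssuers URL really serves (stdlib only).
# RFC 5280 4.2.2.1: an http caIssuers URI must point at a DER certificate (or a
# certs-only CMS message); PEM is not a permitted encoding, and a non-200 answer
# means the intermediate cannot be fetched at all.
import base64
import re
import urllib.error
import urllib.request

# DER contents of id-ad-caIssuers (1.3.6.1.5.5.7.48.2) and id-ad-ocsp (...48.1)
OID_CA_ISSUERS = bytes.fromhex("2b06010505073002")
OID_OCSP = bytes.fromhex("2b06010505073001")
TAG_SEQUENCE, TAG_OID = 0x30, 0x06
TAG_URI = 0x86  # GeneralName [6] uniformResourceIdentifier, IMPLICIT IA5String
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def der_tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with a minimal definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def parse_tlv(buf: bytes, pos: int):
    """Decode the TLV at buf[pos]; return (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, start = first, pos + 2
    else:
        n = first & 0x7F
        lb = buf[pos + 2:pos + 2 + n]
        if n == 0 or n > 4 or len(lb) != n:       # indefinite, absurd or truncated length
            raise ValueError("bad DER length")
        length, start = int.from_bytes(lb, "big"), pos + 2 + n
        if length < 0x80 or length < (1 << (8 * (n - 1))):
            raise ValueError("non-minimal length is BER, not DER")
    end = start + length
    if end > len(buf):
        raise ValueError("TLV runs past end of buffer")
    return tag, buf[start:end], end


def ca_issuers_uris(aia_extn_value: bytes) -> list:
    """Return the URI-form caIssuers locations of a DER AuthorityInfoAccessSyntax."""
    tag, body, end = parse_tlv(aia_extn_value, 0)
    if tag != TAG_SEQUENCE or end != len(aia_extn_value):
        raise ValueError("AIA extnValue must be exactly one SEQUENCE")
    uris, pos = [], 0
    while pos < len(body):
        tag, desc, pos = parse_tlv(body, pos)          # AccessDescription
        otag, oid, p = parse_tlv(desc, 0)              # accessMethod
        ltag, loc, p = parse_tlv(desc, p)              # accessLocation
        if tag != TAG_SEQUENCE or otag != TAG_OID or p != len(desc):
            raise ValueError("malformed AccessDescription")
        if oid == OID_CA_ISSUERS and ltag == TAG_URI:
            uris.append(loc.decode("ascii"))
    return uris


def classify_body(body: bytes) -> str:
    """'der' if body is exactly one DER SEQUENCE, 'pem' if it holds a PEM block, else 'unknown'."""
    if PEM_RE.search(body):
        return "pem"
    try:
        tag, _, end = parse_tlv(body, 0)
    except (ValueError, IndexError):
        return "unknown"
    return "der" if tag == TAG_SEQUENCE and end == len(body) else "unknown"


def pem_to_der(body: bytes) -> bytes:
    """Recover the DER from a mis-served PEM body so the chain can still be built locally."""
    m = PEM_RE.search(body)
    if not m:
        raise ValueError("no PEM certificate block")
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)


def assess(status: int, body: bytes) -> str:
    """Turn one caIssuers response into the finding a CA would be asked about."""
    if status != 200:
        return f"HTTP {status}: intermediate not retrievable"
    kind = classify_body(body)
    if kind == "der":
        return "ok: DER certificate"
    if kind == "pem":
        return "PEM-encoded: RFC 5280 4.2.2.1 requires DER at an http caIssuers URI"
    return "unknown content: not a DER certificate"


def fetch(url: str, timeout: float = 10.0):
    """Live fetch for real scans (not used offline); returns (status, body)."""
    req = urllib.request.Request(url, headers={"User-Agent": "aia-check/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


# Constructed samples, not real CA data: a DER blob shaped like a certificate
# (outer SEQUENCE with a long-form length), its PEM form, and a fake AIA extension.
SAMPLE_DER = der_tlv(TAG_SEQUENCE, der_tlv(0x04, b"\x00" * 200))
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER) + b"-----END CERTIFICATE-----\n"
SAMPLE_URI = "http://ca.example/intermediate.crt"   # hypothetical
SAMPLE_AIA = der_tlv(TAG_SEQUENCE,
    der_tlv(TAG_SEQUENCE, der_tlv(TAG_OID, OID_OCSP) + der_tlv(TAG_URI, b"http://ocsp.ca.example"))
    + der_tlv(TAG_SEQUENCE, der_tlv(TAG_OID, OID_CA_ISSUERS) + der_tlv(TAG_URI, SAMPLE_URI.encode())))
SAMPLE_RESPONSES = {SAMPLE_URI: (200, SAMPLE_PEM),
                    "http://ca.example/forbidden.crt": (403, b"<html>Forbidden</html>")}


def run_offline() -> dict:
    """Map each constructed URL to its finding, as a live scan over fetch() would."""
    return {url: assess(*resp) for url, resp in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    print("caIssuers URIs:", ca_issuers_uris(SAMPLE_AIA))
    for url, finding in run_offline().items():
        print(url, "->", finding)
```

The classifier deliberately demands that the body be one complete DER SEQUENCE whose encoded length matches the byte count, so a truncated download or a body with trailing junk is reported as "unknown" rather than accepted; `pem_to_der` is there because a client that wants to build the chain anyway can still do so, which is exactly why the mis-encoding goes unnoticed by browsers that tolerate it.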