Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-07-15 Thread Filippo Valsorda via dev-security-policy
2020-07-15 12:30 GMT-04:00 Chema López via dev-security-policy:
> On Tuesday, 14 July 2020 at 9:02:01 UTC+2, Filippo Valsorda wrote:
> >
> > This whole argument seems to lose track of the difference between CAs and
> > RPs. CAs have strict responsibilities to follow all the rules

Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-07-15 Thread Ryan Sleevi via dev-security-policy
On Wed, Jul 15, 2020 at 12:30 PM Chema López via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
>
> So, an ICA or SCA cert. without keyUsage set to digitalSignature is not an
> OCSP Responder. Full stop.

False. Full stop. I mentioned in my reply to Corey, but I think it's

Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-07-15 Thread Chema López via dev-security-policy
On Tuesday, 14 July 2020 at 9:02:01 UTC+2, Filippo Valsorda wrote:
> This whole argument seems to lose track of the difference between CAs and
> RPs. CAs have strict responsibilities to follow all the rules of the policies
> they committed to in order to be trusted by RPs. Full