Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-07-10 Thread Tofu Kobe via dev-security-policy
Mr. zxzxzx9, The "real" risk, which is illustrated through an adversary, vulnerability, impact probability, risk mitigation strategy and the residual risk, doesn't matter. Hence is not discussed. I've yet to see a comprehensive risk assessment on this matter. The primary reason there is

Re: Question about the issuance of OCSP Responder Certificates by technically constrained CAs

2020-07-04 Thread Tofu Kobe via dev-security-policy
Dear Mr. Wilson, Could you please share the risk assessment that you have received from Mr. Sleevi? I believe it would be very useful for the CAs to understand the gravity of the issue. Sincerely yours, T.K. (No hat) On 7/4/2020 12:23 PM, Ryan Sleevi via dev-security-policy wrote: On Fri,