t; -Original Message-
> > From: dev-security-policy [mailto:dev-security-policy-
> > bounces+tim.hollebeek=digicert@lists.mozilla.org] On Behalf Of Ryan
> > Hurst via dev-security-policy
> > Sent: Wednesday, February 21, 2018 9:53 PM
> > To: mozilla-dev-securi
On Behalf Of Ryan
> Hurst via dev-security-policy
> Sent: Wednesday, February 21, 2018 9:53 PM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: Google OCSP service down
>
> I wanted to follow up with our findings and a summary of this issue for the
> community.
>
Thank you for this comprehensive incident report Ryan. Your team's decision
to improve the documentation around the right address for reporting is
great to see! I wonder if it might also make sense to pull the contact
information directly on https://pki.goog above the fold?
-Paul (reaperhulk)
On
I wanted to follow up with our findings and a summary of this issue for the
community.
Bellow you will see a detail on what happened and how we resolved the issue,
hopefully this will help explain what hapened and potentially others not
encounter a similar issue.
Summary
---
January
Hi Wayne,
This is how its supposed to work under eIDAS:
1. Check the value of the QCStatement [1] of the certificate under
problem (which is the location of PDS);
2. Open the PDS and check relevant contact info as in [2].
Thanks,
M.D.
[1] see 4.3.4 (QCStatement regarding location of PKI
On Sun, Jan 21, 2018 at 2:14 PM, Ryan Sleevi via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> > I think the whole CA incident reporting question has lots of room for
> > improvement. And I think this should be considered in a way that people
> > who are not familiar
On Monday, January 22, 2018 at 1:26:01 AM UTC-8, ihave...@gmail.com wrote:
> Hi,
>
> Just as an FYI, I am still getting 404. My geographic location is UAE if that
> helps at all.
>
> My openssl command:
> openssl ocsp -issuer gtsx1.pem -cert goodr1demopkigoog.crt -url
>
Hi,
Just as an FYI, I am still getting 404. My geographic location is UAE if that
helps at all.
My openssl command:
openssl ocsp -issuer gtsx1.pem -cert goodr1demopkigoog.crt -url
http://ocsp.pki.goog/GTSGIAG3 -CAfile gtsrootr1.pem
Error querying OCSP responder
77317:error:27075072:OCSP
On Sunday, January 21, 2018 at 1:42:59 PM UTC-8, Ryan Hurst wrote:
> On Sunday, January 21, 2018 at 1:29:58 PM UTC-8, s...@gmx.ch wrote:
> > Hi
> >
> > Thanks for investigating.
> >
> > I can confirm that the service is now working again for me most of the
> > time, but some queries still fail
On Sunday, January 21, 2018 at 1:29:58 PM UTC-8, s...@gmx.ch wrote:
> Hi
>
> Thanks for investigating.
>
> I can confirm that the service is now working again for me most of the
> time, but some queries still fail (may be due load balancing in the
> backend?).
>
Thank you for your report and
Hi
Thanks for investigating.
First of all, my previously curl command is not suitable to verify a
OCSP status. It only works for OCSP stapling which is not supported by
Google servers.
You may use openssl ocsp instead:
openssl ocsp -issuer [GoogleInternetAuthorityG2.crt] -cert
[googlecom.crt]
On Sun, Jan 21, 2018 at 4:00 PM Hanno Böck via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Hi,
>
> On Sun, 21 Jan 2018 12:09:23 -0800 (PST)
> Ryan Hurst via dev-security-policy
> wrote:
>
> > We maintain contact details both within
On Sun, Jan 21, 2018 at 2:08 PM David E. Ross via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 1/21/2018 9:50 AM, Ryan Sleevi wrote:
> > I couldn’t find that listed in the CP/CPS as where to report problems.
> > Instead, I see a different email listed.
> >
> > What
Hi,
On Sun, 21 Jan 2018 12:09:23 -0800 (PST)
Ryan Hurst via dev-security-policy
wrote:
> We maintain contact details both within our CPS (like other CAs) and
> at https://pki.goog so that people can reach us expeditiously. In the
> future if anyone needs
> > Is there a known contact to report it (or is someone with a Google hat
> > reading this anyway)?
>
David,
I am sorry you experienced difficulty in contacting us about this issue.
We maintain contact details both within our CPS (like other CAs) and at
https://pki.goog so that people can
>
> We are investigating the issue and will provide a update when that
> investigation is complete.
>
> Thank you for letting us know.
>
> Ryan Hurst
> Product Manager
> Google
I wanted to provide an update to the group. The issue has been identified and a
roll out of the fix is in progress
On 1/21/2018 9:50 AM, Ryan Sleevi wrote:
> I couldn’t find that listed in the CP/CPS as where to report problems.
> Instead, I see a different email listed.
>
> What made you decide to ignore the CP/CPS, which is where CAs list their
> problem reporting mechanisms?
>
> Given that a CA’s CP/CPS
On Sun, Jan 21, 2018 at 11:12 AM David E. Ross via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 1/21/2018 7:47 AM, Paul Kehrer wrote:
> > Is there a known contact to report it (or is someone with a Google hat
> > reading this anyway)?
>
> On Friday (two days ago), I
On Sunday, January 21, 2018 at 8:13:30 AM UTC-8, David E. Ross wrote:
> On 1/21/2018 7:47 AM, Paul Kehrer wrote:
> > Is there a known contact to report it (or is someone with a Google hat
> > reading this anyway)?
>
> On Friday (two days ago), I reported this to dns-ad...@google.com, the
> only
On 1/21/2018 7:47 AM, Paul Kehrer wrote:
> Is there a known contact to report it (or is someone with a Google hat
> reading this anyway)?
On Friday (two days ago), I reported this to dns-ad...@google.com, the
only E-mail address in the WhoIs record for google.com.
I received an automated reply
Hi
Google delivers the certificate [1] to me, for *.google.com,
*.youtube.com and other major services.
However, the OCSP service [2] does not work for me. I verified this from
multiple locations, machines, OSes and versions of Firefox. Furthermore,
I used SSL Labs [3] and the status on crt.sh
21 matches
Mail list logo