Browsers by default just ignore any OCSP error. So while the browser
might have seen an error getting the OCSP reply, the user is not aware
of it.
And why Browsers do ignore OCSP errors? Because some CA don't take OCSP
errors seriously.
So yes, it has an impact: it comfort Browsers in that
On Fri, 15 May 2020 10:13:01 -0400
Lee via dev-security-policy
wrote:
> How is this situation different from the time when the google ocsp
> service was down?
Maybe some clarification here:
The Google OCSP was the OCSP for end entity certificates.
The Identrust OCSP was the OCSP server for
On 5/15/20, Peter Gutmann via dev-security-policy
wrote:
> Hanno Böck writes:
>
>>The impact it had was a monitoring system that checked whether the
>>certificate of a host was okay, using gnutls-cli with ocsp enabled (which
>>also uncovered a somewhat unexpected inconsistency in how the gnutls
On 2020-05-15 08:47, Peter Gutmann wrote:
Hanno Böck writes:
The impact it had was a monitoring system that checked whether the
certificate of a host was okay, using gnutls-cli with ocsp enabled (which
also uncovered a somewhat unexpected inconsistency in how the gnutls cli tool
behaves[1]).
Hanno Böck writes:
>The impact it had was a monitoring system that checked whether the
>certificate of a host was okay, using gnutls-cli with ocsp enabled (which
>also uncovered a somewhat unexpected inconsistency in how the gnutls cli tool
>behaves[1]).
Sure, but if the only impact was on a
On Wed, May 13, 2020 at 12:12 AM Peter Gutmann
wrote:
> Ryan Sleevi writes:
>
> >>Following up on this, would it be correct to assume that, since no-one
> has
> >>pointed out any impact that this had on anything, that it's more a
> >>certificational issue than anything with real-world
On Wed, 13 May 2020 02:29:07 +
Peter Gutmann via dev-security-policy
wrote:
> Following up on this, would it be correct to assume that, since
> no-one has pointed out any impact that this had on anything, that
> it's more a certificational issue than anything with real-world
> consequences?
Ryan Sleevi writes:
>>Following up on this, would it be correct to assume that, since no-one has
>>pointed out any impact that this had on anything, that it's more a
>>certificational issue than anything with real-world consequences?
>
>That seems quite a suppositional leap, don't you think?
On Tue, May 12, 2020 at 10:29 PM Peter Gutmann via dev-security-policy
wrote:
>
> >Just to understand the scope of this, what was the impact on end users?
>
> Following up on this, would it be correct to assume that, since no-one has
> pointed out any impact that this had on anything, that it's
>Just to understand the scope of this, what was the impact on end users?
Following up on this, would it be correct to assume that, since no-one has
pointed out any impact that this had on anything, that it's more a
certificational issue than anything with real-world consequences?
Peter.
Just an FYI - I've also started a thread on the CA/Browser Forum list to
see about establishing OCSP uptime requirements in the Baseline
Requirements.
On Mon, May 11, 2020 at 5:45 AM Kurt Roeckx via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 2020-05-08 21:03, Wayne
On 2020-05-08 21:03, Wayne Thayer wrote:
It was recently reported [1] that IdenTrust experienced a multi-day OCSP
outage about two weeks ago. Other recent OCSP issues have resulted in
incident reports [3][4], so I am concerned that IdenTrust didn't report
this, and I created a bug [5] to ensure
Wayne Thayer via dev-security-policy
writes:
>It was recently reported [1] that IdenTrust experienced a multi-day OCSP
>outage about two weeks ago.
Just to understand the scope of this, what was the impact on end users? If it
went on for multiple days then presumably no-one noticed it, the
It was recently reported [1] that IdenTrust experienced a multi-day OCSP
outage about two weeks ago. Other recent OCSP issues have resulted in
incident reports [3][4], so I am concerned that IdenTrust didn't report
this, and I created a bug [5] to ensure that we track the issue (assuming
the
14 matches
Mail list logo