On Tue, Sep 3, 2019 at 2:18 PM Santhan via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Thursday, August 29, 2019 at 4:37:04 PM UTC-7, Jacob Hoffman-Andrews
> wrote:
> > Also filed at https://bugzilla.mozilla.org/show_bug.cgi?id=1577652
> >
> > On 2019.08.28 we read
On Thursday, August 29, 2019 at 4:37:04 PM UTC-7, Jacob Hoffman-Andrews wrote:
> Also filed at https://bugzilla.mozilla.org/show_bug.cgi?id=1577652
>
> On 2019.08.28 we read Apple’s bug report at
> https://bugzilla.mozilla.org/show_bug.cgi?id=1577014 about DigiCert’s OCSP
> responder returning
On 03/09/2019 00:54, Ryan Sleevi wrote:
> On Mon, Sep 2, 2019 at 2:14 PM Alex Cohn via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
>> On Mon, Sep 2, 2019 at 12:42 PM Jakob Bohm via dev-security-policy <
>> dev-security-policy@lists.mozilla.org> wrote:
>>
>>> If an OCSP
On Mon, Sep 2, 2019 at 2:14 PM Alex Cohn via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Mon, Sep 2, 2019 at 12:42 PM Jakob Bohm via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > If an OCSP server supports returning (or always returns)
On Mon, Sep 2, 2019 at 1:36 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 02/09/2019 20:13, Alex Cohn wrote:
> > On Mon, Sep 2, 2019 at 12:42 PM Jakob Bohm via dev-security-policy <
> > dev-security-policy@lists.mozilla.org> wrote:
> >
> > Waiting
On 02/09/2019 20:13, Alex Cohn wrote:
On Mon, Sep 2, 2019 at 12:42 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
If an OCSP server supports returning (or always returns) properties of
the actual cert, such as the CT proofs, then it really cannot do its
On Mon, Sep 2, 2019 at 12:42 PM Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> If an OCSP server supports returning (or always returns) properties of
> the actual cert, such as the CT proofs, then it really cannot do its
> usual "good" responses until the
_
> From: dev-security-policy on
> behalf of Jeremy Rowley via dev-security-policy
>
> Sent: Saturday, August 31, 2019 9:05:24 AM
> To: Tomas Gustavsson ;
> mozilla-dev-security-pol...@lists.mozilla.org
>
> Subject: Re: 2019.08.28 Let’s Encrypt OCSP
On Friday, August 30, 2019 at 8:58:17 PM UTC+2, Ryan Sleevi wrote:
> On Fri, Aug 30, 2019 at 11:26 AM Jeremy Rowley via dev-security-policy <
> Despite all of the writing above, I'm too lazy to copy/paste my comment
> from the Let's Encrypt issue, but I would hope any CA contemplating things
>
fusing imo.
>
> From: dev-security-policy on
> behalf of Tomas Gustavsson via dev-security-policy
>
> Sent: Saturday, August 31, 2019 9:00:08 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
>
> Subject: Re: 2019.08.2
:24 AM
To: Tomas Gustavsson ;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: 2019.08.28 Let’s Encrypt OCSP Responder Returned “Unauthorized”
for Some Precertificates
I dont recall the cab forum ever contemplating or discussing ocsp for
precertificates. The requirement to provide
dev-security-policy
Sent: Saturday, August 31, 2019 9:00:08 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: 2019.08.28 Let’s Encrypt OCSP Responder Returned “Unauthorized”
for Some Precertificates
On Saturday, August 31, 2019 at 3:13:00 PM UTC+2, Jeremy Rowley wrote:
> &g
thorized for "unknown" responses to
save on private key usage? (I'm unable to find it now)
>
> ________
> From: dev-security-policy on
> behalf of Tomas Gustavsson via dev-security-policy
>
> Sent: Saturday, August 31, 2019 5:01:4
You’re right. It could be any of the responses under RFC 6960.
From: Alex Cohn
Sent: Friday, August 30, 2019 7:22 PM
To: Jeremy Rowley
Cc: Jacob Hoffman-Andrews ;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: 2019.08.28 Let’s Encrypt OCSP Responder Returned “Unauthorized
: Ryan Sleevi
Sent: Friday, August 30, 2019 12:58 PM
To: Jeremy Rowley
Cc: Jacob Hoffman-Andrews ;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: 2019.08.28 Let’s Encrypt OCSP Responder Returned “Unauthorized”
for Some Precertificates
On Fri, Aug 30, 2019 at 11:26 AM Jeremy Rowley
a-dev-security-pol...@lists.mozilla.org
Subject: Re: 2019.08.28 Let’s Encrypt OCSP Responder Returned “Unauthorized”
for Some Precertificates
Hi,
I find and hear a few non conclusive, sometimes contradictory, messages about
OCSP responder handling of pre-certificates without final certi
Hi,
I find and hear a few non conclusive, sometimes contradictory, messages about
OCSP responder handling of pre-certificates without final certificates. Reading
this thread I don't find a firm conclusion either (albeit I may have missed it).
I'm not saying anything others have not said before,
On Fri, Aug 30, 2019 at 10:26 AM Jeremy Rowley via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Is our answer right though? I wasn't sure. I said "Good" because "a
> promise to issue a cert" could be considered the same issued. In that case
> the BRs say you must respond
On Fri, Aug 30, 2019 at 11:26 AM Jeremy Rowley via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Is our answer right though? I wasn't sure. I said "Good" because "a
> promise to issue a cert" could be considered the same issued. In that case
> the BRs say you must respond
Is our answer right though? I wasn't sure. I said "Good" because "a promise to
issue a cert" could be considered the same issued. In that case the BRs say you
must respond good. However, if "a promise to issue a certificate" is not the
same as issuance, the BRs don't apply to the OCSP until the
On 2019-08-30 12:14, Jakob Bohm wrote:
On 30/08/2019 01:36, Jacob Hoffman-Andrews wrote:
Also filed at https://bugzilla.mozilla.org/show_bug.cgi?id=1577652
On 2019.08.28 we read Apple’s bug report at
https://bugzilla.mozilla.org/show_bug.cgi?id=1577014 about DigiCert’s OCSP
responder
On 30/08/2019 01:36, Jacob Hoffman-Andrews wrote:
> Also filed at https://bugzilla.mozilla.org/show_bug.cgi?id=1577652
>
> On 2019.08.28 we read Apple’s bug report at
> https://bugzilla.mozilla.org/show_bug.cgi?id=1577014 about DigiCert’s OCSP
> responder returning incorrect results for a
22 matches
Mail list logo