Browsers by default just ignore any OCSP error. So while the browser
might have seen an error getting the OCSP reply, the user is not aware
of it.
And why Browsers do ignore OCSP errors? Because some CA don't take OCSP
errors seriously.
So yes, it has an impact: it comfort Browsers in that
Thank you very much for your continued disclosure.
We (Sectigo) are working on a CPS revision which will clarify the forms of
proof of compromise that we accept.
Our customer service staff have to respond to compromise notifications quickly
and accurately and we are best able to achieve that
On Fri, 15 May 2020 10:13:01 -0400
Lee via dev-security-policy
wrote:
> How is this situation different from the time when the google ocsp
> service was down?
Maybe some clarification here:
The Google OCSP was the OCSP for end entity certificates.
The Identrust OCSP was the OCSP server for
On 5/15/20, Peter Gutmann via dev-security-policy
wrote:
> Hanno Böck writes:
>
>>The impact it had was a monitoring system that checked whether the
>>certificate of a host was okay, using gnutls-cli with ocsp enabled (which
>>also uncovered a somewhat unexpected inconsistency in how the gnutls
On 2020-05-15 08:47, Peter Gutmann wrote:
Hanno Böck writes:
The impact it had was a monitoring system that checked whether the
certificate of a host was okay, using gnutls-cli with ocsp enabled (which
also uncovered a somewhat unexpected inconsistency in how the gnutls cli tool
behaves[1]).
Hanno Böck writes:
>The impact it had was a monitoring system that checked whether the
>certificate of a host was okay, using gnutls-cli with ocsp enabled (which
>also uncovered a somewhat unexpected inconsistency in how the gnutls cli tool
>behaves[1]).
Sure, but if the only impact was on a
6 matches
Mail list logo