Thanks Rob! I went through the list and filed a bug for each CA if there
wasn't one already open (with one exception that I'm still researching).
All open OCSP issues are included in the list at
https://wiki.mozilla.org/CA/Incident_Dashboard
Wayne
On Mon, Dec 11, 2017 at 10:49 PM, Rob Stradling
No. It has been prohibited for years in the Baseline Requirements. With an
expectation that CAs monitor such requests in light of DigiNotar
On Mon, Dec 11, 2017 at 8:54 PM Peter Gutmann via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Rob Stradling via
Rob Stradling via dev-security-policy
writes:
>CAs / Responder URLs that are in scope for, but violate, the BR prohibition
>on returning a signed a "Good" response for a random serial number
Isn't that perfectly valid? Despite the misleading name,
Inspired by Paul Kehrer's research a few months ago, I've added a
continuous OCSP Monitoring feature to crt.sh:
https://crt.sh/ocsp-responders
This page shows the latest results of 3 OCSP checks (performed hourly)
against each CA / Responder URL that crt.sh has ever encountered:
1. a GET
4 matches
Mail list logo