Bonjour, Le jeudi 13 mars 2014 11:23:34 UTC+1, Adriano Santoni - Actalis S.p.A. a écrit : > Il 13/03/2014 01:09, Erwann Abalea ha scritto: [...] > > The authorized OCSP responders certificates don't contain the mandatory > > OCSPNoCheck extension (BR 1.1, section 13.2.5). > > We forgot that extension, will reissue the responder certificate at the > earliest. > > Thank you for pointing out those issues. > > However, other CAs that are already EV-enabled in Mozilla seem to have > overlooked those issues as well. > For instance, also the OSCP response for https://www.opentrust.com is > lacking the ocsp-no-check extension in the responder certificate.
Thanks for the warning. I checked our responders and asked for the defective ones to be replaced ASAP. Strangely, some of them are correct, but not all. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
