Answer for questions about OCSP downtime: We maintain OCSP online 24x7. We will remove this 4 hours from CSP.
Regards
Przemyslaw Rawa

From: [email protected]
To: [email protected],
Date: 2014-09-26 01:23
Subject: Re: KIR S.A. Root Inclusion Request
Sent by: "dev-security-policy" <dev-security-policy-bounces+certificates=kir.com...@lists.mozilla.org>

With proper planning, redundant equipment, and so forth, the perceived outage can be zero (that means 100% availability). Keep in mind you have 2 sets of customers: the people who purchase your service and the people who rely on your judgment as to who should or should not be trusted.

Notifying your clients that the OCSP responders will be offline for 4 hours is the equivalent of your clients telling their customers: "don't visit my website for the next 4 hours because my cert issuer won't verify that I'm trustworthy". Or perhaps: "I'm going to send you an email but you can't read it for the next 4 hours because you won't be able to validate it with my CA".

In so many words, a better plan needs to be put in place.

From: Matt Palmer
Sent: Thursday, September 25, 2014 3:37 PM

My bank doesn't go down for four hours every week, nor does it claim to be able to. If it did, I'd find another bank, but as a relying party, I can't find another CA to present a certificate for a site I wish to verify the authenticity of.

> We want to be fair to the user,
> that's why we inform them about possibility of downtime. We can remove
> this 4 hour from CSP.

I think that would be best.

- Matt

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

