I will contact the Swiss BIT and discuss. Kind regards, Steven Medin Product Manager, Identity and Access Management Verizon Enterprise Solutions
-----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+steve.medin=verizonbusiness....@lists.mo zilla.org] On Behalf Of Rob Stradling Sent: Friday, February 06, 2015 10:32 AM To: Richard Barnes; [email protected] Cc: [email protected] Subject: Re: FOITT does no longer support OCSP On 06/02/15 15:00, Richard Barnes wrote: > Does the FOITT cert chain up to one of the roots in the Mozilla program? > > https://wiki.mozilla.org/CA:IncludedCAs > > I only see 3 Swisscom roots and 3 SwissSign roots, nothing that is > obviously Swiss government. This intermediate CA cert for "Swiss Government SSL CA 01" was issued by the "Baltimore CyberTrust Root" built-in root. -----BEGIN CERTIFICATE----- MIIGKDCCBRCgAwIBAgIEBye2CTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJ RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE0MDkxMDE4NTAzNloX DTE3MDkxMDE4NTAxMVowgYgxCzAJBgNVBAYTAkNIMR0wGwYDVQQKExRTd2lzcyBH b3Zlcm5tZW50IFBLSTERMA8GA1UECxMIU2VydmljZXMxIjAgBgNVBAsTGUNlcnRp ZmljYXRpb24gQXV0aG9yaXRpZXMxIzAhBgNVBAMTGlN3aXNzIEdvdmVybm1lbnQg U1NMIENBIDAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA379210+W I6Wl63BOe93KXb9T6mw4frXZBPgN6iKcVp4KGTOHLtCfztUrFJWWhNaapDoYcZKJ F4vNwQsYFIPZDdYhNeaubsOsoKznei3+1PBLpNyAVTbQ2SgEZcDuVYkpoSUzu+cT sZ/gAKYf3K1JacCdeEYRv55FXLJ991lTvKHLNNr4+IEZuOwMCqjdMKg/JF2Lh+nm AoT2YoUFBJHYWNMyTUZZ4pZVB8PZPCeM76FJHf+zG+kQ2gQhDaEyMFqjuH7URRkj nnV6GvenzOO7uIPiigKf9Ccpt05gnuezPKGtOwzJhpjTqOfxuVSH5HhDzDGPcrce rfwtHRW6Rnq0ix1kHUAmC6tB6fhKwCOOnSZ04YmaKwtMsGMsEIoaZ6+h7VlllKJ/ OpVGGmTEdPzaEuJnCPUq0BuVOPWHtSyr6UcrTw4p8C+yjbE8Y99b9VkxdGGPU3vs 8ZSObJjEILcR3NnQhK4/V9bP6v9CVqh933W/Q7LdN6vjWr6VdwqYUn1q7USqIp2W p+Q7KFg1VHh0JJTAirI9PSmsVmiWv4MXdBKFmd2PaT3w/HBEDTM5Fg8w6T0IPd26 ApQ+Yg+EAkC+GfH0JNcVR3LdnVgm/IncnNJPrq7gteN1FJ+lxsbeN0947nDpoasf qjCUZVNcbzjeIfJEuBxZ6tCwJnrQF6Xi55UCAwEAAaOCAcUwggHBMBIGA1UdEwEB /wQIMAYBAf8CAQAwgakGA1UdIASBoTCBnjBIBgkrBgEEAbE+AQAwOzA5BggrBgEF BQcCARYtaHR0cDovL2N5YmVydHJ1c3Qub21uaXJvb3QuY29tL3JlcG9zaXRvcnku Y2ZtMFIGCGCFdAERAxUCMEYwRAYIKwYBBQUHAgEWOGh0dHA6Ly93d3cucGtpLmFk bWluLmNoL2Nwcy9DUFNfMl8xNl83NTZfMV8xN18zXzIxXzEucGRmMEIGCCsGAQUF BwEBBDYwNDAyBggrBgEFBQcwAYYmaHR0cDovL29jc3Aub21uaXJvb3QuY29tL2Jh bHRpbW9yZXJvb3QwDgYDVR0PAQH/BAQDAgEGMCcGA1UdJQQgMB4GCCsGAQUFBwMB BggrBgEFBQcDAgYIKwYBBQUHAwMwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7 OrUETfAwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NkcDEucHVibGljLXRydXN0 LmNvbS9DUkwvT21uaXJvb3QyMDI1LmNybDAdBgNVHQ4EFgQU/DVeWB34UuAr6Kyr uYKtFRHW5s0wDQYJKoZIhvcNAQELBQADggEBAJwbVrtGL68v2T0QhiuIKpFvNCpi 2VpmyUwHY1IiIKxckiX9NoQdvSqwG9SePR3Fet9LC6d0SAnkXKTwnjP7hxTMdmMt +TK/UnJWBBQCfMjwFRs0oAEFwyxSr04R2ZWIV/8DlTSQ3hxH2LPlgJjVosQfvdSG nqYK0KY3c7vMRC7QbtAIrmxY4CTqtBHiPQy/CV6zdcCYxgsKl3iPxPQAHEMIG8DY CaMW+JsRUTtdPIaXIa559nmHbG2xw/tm7Ku4ieKsd9RNkDIbE5DEi/clf1Xn8bW4 AiV4lLjW7oN6i5m4QrGeFtWIXZXBFiurMtplyoJ/wmNw70ArcqxbOc174n0= -----END CERTIFICATE----- > On Thu, Feb 5, 2015 at 6:33 PM, <[email protected]> wrote: > >> Hi all >> >> A few weeks ago, I got some mails about a broken iframe. The secure >> connection to the remote server failed (OCSP error). The site was >> signed by Swiss Government SSL CA 01. I contacted the technical >> support and they told me, that the Federal Office of Information >> Technology, Systems and Telecommunication (FOITT) of Switzerland shut >> down their OCSP servers! So all secure Swiss gov sites are broken if you requires OCSP. >> I contacted them directly and tried to explain why the OCSP service >> is a requirement for a CA, but they do not react. >> >> Maybe someone of the Mozilla security team could contact them again. >> >> Regards, >> Jonas -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
