> > These OCSP responders give a "good" answer for a nonexistent certificate.
> Yes, it has been detected and we have been working on this issue for a time.
> Currently, we plan to solve it within the next weeks.

We have already updated the "ocspcomp.cert.fnmt.es" config. So, following the directive of the BRs of CABForum, OCSP responds with a "revoked" answer for non-existent certificates (revocation reason stated as "suspended", suspension date of January 1, 1970, according to the syntax of RFC 6960).

In a few days the OCSP responder "ocspap.cert.fnmt.es" will be updated in the same way (we will inform).

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
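
Added example, not part of the original message or of the CA's own tooling: a check a monitor could run on the answer a responder gives for a serial number the CA never issued, telling the "good" answer reported in this thread apart from the RFC 6960 non-issued "revoked" form described above. The `DecodedResponse` container, the function name and the sample values are hypothetical and constructed; the code assumes the response has already been decoded and its signature verified, and it also checks the extended-revoked response extension that RFC 6960 requires with this form.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional, Set

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)  # revocationTime required by RFC 6960
CERTIFICATE_HOLD = 6                               # CRLReason certificateHold ("suspended")
EXTENDED_REVOKE_OID = "1.3.6.1.5.5.7.48.1.9"       # id-pkix-ocsp-extended-revoke


@dataclass
class DecodedResponse:
    """Hypothetical holder for fields already decoded from one OCSP response."""
    cert_status: str                               # "good", "revoked" or "unknown"
    revocation_time: Optional[datetime] = None
    revocation_reason: Optional[int] = None
    response_extension_oids: Set[str] = field(default_factory=set)


def classify_unissued_probe(resp: DecodedResponse) -> str:
    """Classify the answer returned for a serial number that was never issued."""
    if resp.cert_status == "good":
        return "noncompliant: good for unissued serial"
    if resp.cert_status == "unknown":
        return "ok: unknown"
    if resp.cert_status != "revoked":
        return "error: unrecognised status"
    problems = []
    if resp.revocation_reason != CERTIFICATE_HOLD:
        problems.append("reason is not certificateHold")
    if resp.revocation_time != EPOCH:
        problems.append("revocation time is not 1970-01-01T00:00:00Z")
    if EXTENDED_REVOKE_OID not in resp.response_extension_oids:
        problems.append("extended-revoked extension missing")
    if problems:
        return "revoked, but not the non-issued form: " + "; ".join(problems)
    return "ok: non-issued revoked"


# Constructed sample inputs (not captured from any real responder).
BEFORE_FIX = DecodedResponse(cert_status="good")
AFTER_FIX = DecodedResponse("revoked", EPOCH, CERTIFICATE_HOLD, {EXTENDED_REVOKE_OID})
NO_EXTENSION = DecodedResponse("revoked", EPOCH, CERTIFICATE_HOLD)

if __name__ == "__main__":
    for sample in (BEFORE_FIX, AFTER_FIX, NO_EXTENSION):
        print(classify_unissued_probe(sample))
```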

