Add a requirement that every OCSP response must have a nextUpdate field. This is required to ensure that OCSP stapling works reliably with all (at least most) server and client products.
Proposal: update the second bullet in point 3 of the Maintenance section so that the last sentence reads:

OCSP responses from this service must have a defined value in the nextUpdate field, and it must be no more than ten days after the thisUpdate field.

This is: https://github.com/mozilla/pkipolicy/issues/21

-------

This is a proposed update to Mozilla's root store policy for version 2.4. Please keep discussion in this group rather than on GitHub. Silence is consent.

Policy 2.3 (current version): https://github.com/mozilla/pkipolicy/blob/2.3/rootstore/policy.md
Update process: https://wiki.mozilla.org/CA:CertPolicyUpdates

_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy
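One way a CA operator or auditor could test responder output against the proposed wording, as an added example that is not part of the original post or of Mozilla's policy. It assumes the Python `cryptography` package; `check_ocsp_validity` and `make_sample_response` are hypothetical names, and the sample responses come from a throwaway CA constructed inside the script.

```python
import datetime as dt

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID

MAX_VALIDITY = dt.timedelta(days=10)  # limit taken from the proposed policy sentence

def _field(resp, name):
    # cryptography >= 43 exposes *_utc accessors; older releases only the naive ones.
    return getattr(resp, name + "_utc") if hasattr(resp, name + "_utc") else getattr(resp, name)

def check_ocsp_validity(der):
    """Return the violations of the proposed rule found in a DER OCSP response (empty = compliant)."""
    resp = ocsp.load_der_ocsp_response(der)
    if resp.response_status != ocsp.OCSPResponseStatus.SUCCESSFUL:
        return ["response status is %s, no validity fields to check" % resp.response_status.name]
    this_update = _field(resp, "this_update")
    next_update = _field(resp, "next_update")
    if next_update is None:
        return ["nextUpdate is absent"]
    if next_update - this_update > MAX_VALIDITY:
        return ["nextUpdate is %s after thisUpdate (limit 10 days)" % (next_update - this_update)]
    return []

def make_sample_response(validity):
    """Constructed input: a self-signed test CA answering for its own certificate."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Test CA")])
    now = dt.datetime(2017, 1, 1, 12, 0, 0)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(1)
            .not_valid_before(now).not_valid_after(now + dt.timedelta(days=365))
            .sign(key, hashes.SHA256()))
    builder = ocsp.OCSPResponseBuilder().add_response(
        cert=cert, issuer=cert, algorithm=hashes.SHA1(),
        cert_status=ocsp.OCSPCertStatus.GOOD, this_update=now,
        next_update=None if validity is None else now + validity,
        revocation_time=None, revocation_reason=None,
    ).responder_id(ocsp.OCSPResponderEncoding.HASH, cert)
    return builder.sign(key, hashes.SHA256()).public_bytes(serialization.Encoding.DER)
```

In practice the `der` argument would be the body returned by the responder or the stapled response captured from a TLS handshake.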

