On Monday, August 7, 2017 at 4:47:39 PM UTC-4, Jonathan Rudenberg wrote:
> “IdenTrust ACES CA 2” has issued five certificates with an OCSP responder URL 
> that has a HTTPS URI scheme. This is not valid, the OCSP responder URI is 
> required to have the plaintext HTTP scheme according to Baseline Requirements 
> section
> Here’s the list of certificates: https://misissued.com/batch/4/
> Jonathan

IdenTrust had previously interpreted HTTP to be inclusive of HTTPS in this 
context.  That being said, we have altered our profiles for certificates 
issued under this Sub CA to include only HTTP OCSP URLs.  All certificates 
issued going forward will contain an HTTP OCSP URL.  We will also examine all 
other sub CA to ensure only HTTP OCSP URLs are included.  Thank you for giving 
us an opportunity to address this with the community
dev-security-policy mailing list

Reply via email to