> On Aug 8, 2017, at 10:29, identrust--- via dev-security-policy
> <email@example.com> wrote:
> On Monday, August 7, 2017 at 4:47:39 PM UTC-4, Jonathan Rudenberg wrote:
>> “IdenTrust ACES CA 2” has issued five certificates with an OCSP responder
>> URL that has a HTTPS URI scheme. This is not valid, the OCSP responder URI
>> is required to have the plaintext HTTP scheme according to Baseline
>> Requirements section 18.104.22.168(c).
>> Here’s the list of certificates: https://misissued.com/batch/4/
> IdenTrust had previously interpreted HTTP to be inclusive of HTTPS in this
> context. That being said, we have altered our profiles for certificates
> issued under this Sub CA to include only HTTP OCSP URLs. All certificates
> issued going forward will contain an HTTP OCSP URL. We will also examine all
> other sub CA to ensure only HTTP OCSP URLs are included. Thank you for
> us an opportunity to address this with the community
Thanks for the update.
Can you also clarify why the subject organizationName is "U.S. Government” for
all of these certificates, despite the other subject fields indicating
organizations that are not a component of the US Government?
dev-security-policy mailing list