> On Aug 8, 2017, at 10:29, identrust--- via dev-security-policy 
> <dev-security-policy@lists.mozilla.org> wrote:
> On Monday, August 7, 2017 at 4:47:39 PM UTC-4, Jonathan Rudenberg wrote:
>> “IdenTrust ACES CA 2” has issued five certificates with an OCSP responder 
>> URL that has a HTTPS URI scheme. This is not valid, the OCSP responder URI 
>> is required to have the plaintext HTTP scheme according to Baseline 
>> Requirements section
>> Here’s the list of certificates: https://misissued.com/batch/4/
>> Jonathan
> IdenTrust had previously interpreted HTTP to be inclusive of HTTPS in this 
> context.  That being said, we have altered our profiles for certificates 
> issued under this Sub CA to include only HTTP OCSP URLs.  All certificates 
> issued going forward will contain an HTTP OCSP URL.  We will also examine all 
> other sub CA to ensure only HTTP OCSP URLs are included.  Thank you for 
> giving 
> us an opportunity to address this with the community

Thanks for the update.

Can you also clarify why the subject organizationName is "U.S. Government” for 
all of these certificates, despite the other subject fields indicating 
organizations that are not a component of the US Government?


dev-security-policy mailing list

Reply via email to