On Monday, August 7, 2017 at 4:47:39 PM UTC-4, Jonathan Rudenberg wrote: > “IdenTrust ACES CA 2” has issued five certificates with an OCSP responder URL > that has a HTTPS URI scheme. This is not valid, the OCSP responder URI is > required to have the plaintext HTTP scheme according to Baseline Requirements > section 7.1.2.2(c). > > Here’s the list of certificates: https://misissued.com/batch/4/ > > Jonathan _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Certificates issued with HTTPS OCSP responder URL (IdenTrust)
identrust--- via dev-security-policy Tue, 08 Aug 2017 15:29:45 -0700
- Re:... Jakob Bohm via dev-security-policy
- Re: Certificates issued with ... identrust--- via dev-security-policy
- Re: Certificates issued ... Jonathan Rudenberg via dev-security-policy
- Re: Certificates issued ... identrust--- via dev-security-policy
- Re: Certificates iss... Eric Mill via dev-security-policy
- Re: Certificates... Lee via dev-security-policy
- Re: Certific... Eric Mill via dev-security-policy
- Re: Cer... Lee via dev-security-policy
- Re: Cer... identrust--- via dev-security-policy
- Re: Certificates issued ... identrust--- via dev-security-policy
- Re: Certificates issued with ... identrust--- via dev-security-policy
- Re: Certificates issued with ... branden.dickerson--- via dev-security-policy