I'm going to file the Bugzilla Bugs for each of these CAs, as follows.

==
Bug Summary: <CA Name>: Non-BR-Compliant OCSP Responders

Bug Description:
Problems have been found with OCSP responders for this CA, and reported in the mozilla.dev.security.policy forum here:
https://groups.google.com/d/msg/mozilla.dev.security.policy/o1MX07iWDco/RuM1NK_0AQAJ

As per section 4.9.10 of the BRs, OCSP responders MUST NOT respond with a “good” status for unissued certificates. The effective date for this requirement was 2013-08-01.

Please provide an incident report in this bug, as described here:
https://wiki.mozilla.org/CA/Responding_To_A_Misissuance#Incident_Report
==

> I have updated the list again to note the additional responders fixed (in
> this update: CA Disig, PKIoverheid, Izenpe). To make this email slightly
> less enormous I've also started removing everything but the CA's name when
> I have confirmed that all the reported responders are now properly
> responding to my queries.

Should I still file a bug for those, so that the incident report is recorded in Bugzilla?

Thanks,
Kathleen

