No. It has been prohibited for years in the Baseline Requirements. With an expectation that CAs monitor such requests in light of DigiNotar
On Mon, Dec 11, 2017 at 8:54 PM Peter Gutmann via dev-security-policy < [email protected]> wrote: > Rob Stradling via dev-security-policy < > [email protected]> writes: > > >CAs / Responder URLs that are in scope for, but violate, the BR > prohibition > >on returning a signed a "Good" response for a random serial number > > Isn't that perfectly valid? Despite the misleading name, OCSP's "Good" > just > means "not revoked", and a not-revoked reply to a random serial number is > correct because it's not revoked. > > Peter. > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
