On 1/21/2018 9:50 AM, Ryan Sleevi wrote:
> I couldn’t find that listed in the CP/CPS as where to report problems.
> Instead, I see a different email listed.
> What made you decide to ignore the CP/CPS, which is where CAs list their
> problem reporting mechanisms?
> Given that a CA’s CP/CPS applies to their hierarchy and issuance practices,
> not a single certificate, and given that past discussions on this list have
> specifically called out the CP/CPS as the place to determine problem
> reporting mechanisms, it does seem unreasonable to expect arbitrary
> reporting mechanisms to get the same attention as the defined mechanisms.

At the time I tried reporting the problem, I forgot that Google had a
pending request to add its root to NSS.  When I checked the Certificate
Manager list of Authorities in my browser, Google did not appear.

In any case, this OCSP problem still makes me question Google's ability
to manage a certification authority.  As a prior reply in this thread
indicates, it took two days for Google to even acknowledge there is a

As of right now, it appears the problem has been fixed.  With both
checkboxes checked under OCSP at [Edit > Preferences > Privacy &
Security > Certificates], I am now able to reach Google Web sites.

David E. Ross

President Trump:  Please stop using Twitter.  We need
to hear your voice and see you talking.  We need to know
when your message is really your own and not your attorney's.
dev-security-policy mailing list

Reply via email to