Hi,

Thanks for investigating.

First of all, my previous curl command is not suitable to verify an OCSP status. It only works for OCSP stapling, which is not supported by Google servers. You may use openssl ocsp instead:

    openssl ocsp -issuer [GoogleInternetAuthorityG2.crt] -cert [googlecom.crt] -url http://clients1.google.com/ocsp -resp_text -header HOST=clients1.google.com

I can confirm that the service is now working again for me most of the time, but some queries still fail (may be due to load balancing in the backend?).

On 21.01.2018 at 22:00, Hanno Böck via dev-security-policy wrote:
> If I google for that I end up at https://pki.google.com/ This page has
> a similar style as the pki.goog, but notably it doesn't list any
> contact info. It has an FAQ, but that doesn't have any question of the
> form "How do I report a problem with your CA?" The only thing that
> might be helpful is a pointer to report security incidents. I'd
> probably have done that, though I would be unsure, as it's debatable
> whether an offline OCSP counts as a security issue.

I ended up in the same situation. But "OCSP is down" does not fit in any category on the vulnerability report site, and the category "other" only provides support articles.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy