Our super unpublished RFC.  

Sadly no. We're still investigating, but it looks like it has to do with 
pre-certs and the way the system responds when the actual cert never issued. 
We're working on an incident report. Funny enough (and not in the ha-ha way), 
the system works if the pre-cert was revoked but not if the pre-cert issued but 
something terrible happened between pre-cert issuance and real cert issuance.

-----Original Message-----
From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On 
Behalf Of Peter Gutmann via dev-security-policy
Sent: Tuesday, August 27, 2019 7:27 PM
To: mozilla-dev-security-pol...@lists.mozilla.org; Curt Spann <csp...@apple.com>
Subject: Re: DigiCert OCSP services returns 1 byte

Curt Spann via dev-security-policy <dev-security-policy@lists.mozilla.org> 
writes:

>I created the following bug:
>https://bugzilla.mozilla.org/show_bug.cgi?id=1577014

Maybe it's an implementation of OCSP SuperDietLite, 1 = revoked, 0 = not 
revoked.

In terms of it being unsigned, you can get the same effect by setting 
respStatus = TRYLATER, no signature required.

Peter.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
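
Added example, not part of the thread or of any responder's code: a monitoring-side check that separates the two cases discussed above, a body that is not a DER OCSPResponse at all (such as a 1-byte reply) and a well-formed unsigned error such as tryLater. It parses only the outer RFC 6960 structure and does not verify signatures; the function names and sample bytes are constructed for illustration.

```python
# Structural triage of an OCSP responder body (RFC 6960 outer layer only).
STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}


def read_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of body")
    return tag, buf[pos:pos + length], pos + length


def classify_ocsp_body(body):
    """Return (verdict, detail) for the raw bytes of an OCSP HTTP response body."""
    try:
        tag, seq, end = read_tlv(body, 0)
        if tag != 0x30 or end != len(body):
            raise ValueError("body is not exactly one SEQUENCE")
        tag, val, pos = read_tlv(seq, 0)  # responseStatus ENUMERATED
        if tag != 0x0A or len(val) != 1 or val[0] not in STATUS:
            raise ValueError("missing or unknown responseStatus")
        status = STATUS[val[0]]
        has_bytes = pos < len(seq)  # responseBytes [0] EXPLICIT, optional
        if has_bytes:
            tag, _, nxt = read_tlv(seq, pos)
            if tag != 0xA0 or nxt != len(seq):
                raise ValueError("unexpected data after responseStatus")
        if (status == "successful") != has_bytes:
            raise ValueError("responseBytes presence does not match status")
    except ValueError as exc:
        return ("malformed", str(exc))
    if status == "successful":
        return ("needs-signature-check", status)  # signature is not verified here
    return ("unsigned-error", status)


# Constructed sample bodies (not captured from any responder).
ONE_BYTE = b"\x00"                                   # a 1-byte reply
TRY_LATER = bytes.fromhex("30030a0103")              # status tryLater, no signature
SUCCESS_SHELL = bytes.fromhex("30070a0100a0023000")  # successful with stub responseBytes
```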
