On Fri, Sep 20, 2019 at 9:58 AM Rob Stradling <r...@sectigo.com> wrote:
> On 19/09/2019 21:01, Ryan Sleevi wrote: > <snip> > > It would be helpful for one of the relevant documents, or another > > document, or even an errata, to clarify that OCSP services can be > > offered for pre-certificates. It’s merely a question of clarifying > > the technical requirements about how an OCSP service should operate, > > as those requirements currently can be read to not allow OCSP > > responses for non-certificates. > > > > > > I'm still not sure I agree with the conflict, which is the key. In > > either event, we're arguably discussing a profile / the operational > > constraints specific to a given CA, and not something general with the > > protocol. Whether or not a pre-certificate is treated as equivalent > > issuance is, ultimately, a policy question. > > Tim, Ryan, > > I just started a thread on the TRANS list about this. Please could I > ask you to take this discussion there? > I've replied there as to why I think it belongs here, and is inappropriate for there. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy