Apple has submitted this preliminary incident report: https://bugzilla.mozilla.org/show_bug.cgi?id=1588001, which is reposted below.
On 03-October-2019 at 13:52 PT, we were notified via a problem report submitted to our Problem Reporting Mechanism that our OCSP responders were returning signed responses with incorrect issuer. Based on an initial investigation, we’ve determined that in some cases when the OCSP service receives a request it cannot process, it signs the response with a default OCSP responder (our OCSP service processes requests for multiple CAs). We are investigating a fix so that responses are not signed by an incorrect OCSP responder. Further details will be provided no later than 17-October-2019. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy