Apple has submitted this preliminary incident report:, which is reposted below.  

On 03-October-2019 at 13:52 PT, we were notified via a problem report submitted 
to our Problem Reporting Mechanism that our OCSP responders were returning 
signed responses with incorrect issuer. Based on an initial investigation, 
we’ve determined that in some cases when the OCSP service receives a request it 
cannot process, it signs the response with a default OCSP responder (our OCSP 
service processes requests for multiple CAs). We are investigating a fix so 
that responses are not signed by an incorrect OCSP responder.

Further details will be provided no later than 17-October-2019.
dev-security-policy mailing list

Reply via email to