In as far as that part of Apple's CA hierarchy is publicly trusted and participates in the Mozilla Root CA program and that there were apparent performance issues with ocsp.apple.com yesterday, I'm writing to suggest that I believe there may be cause to expect some transparency regarding recent Apple OCSP responder performance issues, whether those issues impacted responses over covered certificates, what failures led to those issues, and what remediations have been taken.
I haven't seen any other mention of this and whether it rises as to the level of an incident as yet. I clarify that I do not personally allege that I experienced a timeout or long delay querying an in-scope certificate, but rather that infrastructure that seems to be shared with publicly trusted signers had externally detectable issues related to OCSP performance. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy