Re: 2019.08.28 Let’s Encrypt OCSP Responder Returned “Unauthorized” for Some Precertificates

On 03/09/2019 00:54, Ryan Sleevi wrote: > On Mon, Sep 2, 2019 at 2:14 PM Alex Cohn via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> On Mon, Sep 2, 2019 at 12:42 PM Jakob Bohm via dev-security-policy < >> dev-security-policy@lists.mozilla.org> wrote: >> >>> If an OCSP

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

Am Sonntag, 1. September 2019 04:27:04 UTC+2 schrieb Peter Gutmann: > Since the value to criminals of EV web certs is low, it seems they're not > doing much to stop what the criminals are doing. If they did have any value > then criminals would be prepared to pay more for them, like they already

Re: 2019.08.28 Let’s Encrypt OCSP Responder Returned “Unauthorized” for Some Precertificates

On Saturday, August 31, 2019 at 5:07:48 PM UTC+2, Jeremy Rowley wrote: > Obviously I think good is the best answer based on my previous posts. A > precert is still a cert. But I can see how people could disagree with me. I don't see anything fundamentally wrong with either approach. Since BR

Re: 2019.08.28 Let’s Encrypt OCSP Responder Returned “Unauthorized” for Some Precertificates

On Friday, August 30, 2019 at 8:58:17 PM UTC+2, Ryan Sleevi wrote: > On Fri, Aug 30, 2019 at 11:26 AM Jeremy Rowley via dev-security-policy < > Despite all of the writing above, I'm too lazy to copy/paste my comment > from the Let's Encrypt issue, but I would hope any CA contemplating things >

Re: 2019.08.28 Let’s Encrypt OCSP Responder Returned “Unauthorized” for Some Precertificates

If an OCSP server supports returning (or always returns) properties of the actual cert, such as the CT proofs, then it really cannot do its usual "good" responses until the process of retrieving CT proofs and creating the final TBScertificate (and possibly signing it) has been completed. Thus

Re: 2019.08.28 Let’s Encrypt OCSP Responder Returned “Unauthorized” for Some Precertificates

On 02/09/2019 20:13, Alex Cohn wrote: On Mon, Sep 2, 2019 at 12:42 PM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: If an OCSP server supports returning (or always returns) properties of the actual cert, such as the CT proofs, then it really cannot do its

Re: 2019.08.28 Let’s Encrypt OCSP Responder Returned “Unauthorized” for Some Precertificates

On Mon, Sep 2, 2019 at 12:42 PM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > If an OCSP server supports returning (or always returns) properties of > the actual cert, such as the CT proofs, then it really cannot do its > usual "good" responses until the

Re: 2019.08.28 Let’s Encrypt OCSP Responder Returned “Unauthorized” for Some Precertificates

On Mon, Sep 2, 2019 at 1:36 PM Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 02/09/2019 20:13, Alex Cohn wrote: > > On Mon, Sep 2, 2019 at 12:42 PM Jakob Bohm via dev-security-policy < > > dev-security-policy@lists.mozilla.org> wrote: > > > > Waiting

Re: 2019.08.28 Let’s Encrypt OCSP Responder Returned “Unauthorized” for Some Precertificates

On Mon, Sep 2, 2019 at 2:14 PM Alex Cohn via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Mon, Sep 2, 2019 at 12:42 PM Jakob Bohm via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > If an OCSP server supports returning (or always returns)