DigiCert: Apple: Precertificates without corresponding certificates return OCSP value of "unknown"
Categories
(CA Program :: CA Certificate Compliance, task)
Tracking
(Not tracked)
People
(Reporter: wthayer, Assigned: certification_authority)
Details
(Whiteboard: [ca-compliance])
Apple posted the following to the mozilla.dev.security.policy forum on 13-September:
We’ve been following the discussions regarding how OCSP responders should handle Precertificates without corresponding certificates and what the appropriate response indicator should be (good, revoked, or unknown).
Based on the recent clarifications at [1], we want to inform the community that Apple’s OCSP responders return a status of “unknown” for Precertificates without a corresponding certificate. We have identified one Precertificate that did not result in a corresponding certificate for which our OCSP responders are returning a status of “unknown” (https://crt.sh/?id=1368484681).
We’ve updated the OCSP responders to respond “good” for that Precertificate and a long-term fix is in progress.
We appreciate the efforts being made to amend the Mozilla Root Store Policy to explicitly address matters relating to Certificate Transparency.
[1] https://groups.google.com/d/msg/mozilla.dev.security.policy/LC_y8yPDI9Q/24Fl9kc-AQAJ
Reporter | ||
Comment 1•5 years ago
|
||
Thank you for the incident report. Given the outcome of the discussion on the mozilla.dev.security.policy list [1], I'm resolving this incident as INVALID.
[1] https://groups.google.com/d/msg/mozilla.dev.security.policy/LC_y8yPDI9Q/tPrL7rNkBAAJ
Updated•2 years ago
|
Description
•