Our super unpublished RFC. Sadly no. We're still investigating, but it looks like it has to do with pre-certs and the way the system responds if when the actual cert never issued. We're working on an incident report. Funny enough (and not in the ha-ha way), the system works if the pre-cert was revoked but not if the pre-cert issued but something terrible happened between pre-cert issuance and real cert issuance.
-----Original Message----- From: dev-security-policy <[email protected]> On Behalf Of Peter Gutmann via dev-security-policy Sent: Tuesday, August 27, 2019 7:27 PM To: [email protected]; Curt Spann <[email protected]> Subject: Re: DigiCert OCSP services returns 1 byte Curt Spann via dev-security-policy <[email protected]> writes: >I created the following bug: >https://bugzilla.mozilla.org/show_bug.cgi?id=1577014 Maybe it's an implementation of OCSP SuperDietLite, 1 = revoked, 0 = not revoked. In terms of it being unsigned, you can get the same effect by setting respStatus = TRYLATER, no signature required. Peter. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
