On 5/15/20, Peter Gutmann via dev-security-policy <[email protected]> wrote: > Hanno Böck <[email protected]> writes: > >>The impact it had was a monitoring system that checked whether the >>certificate of a host was okay, using gnutls-cli with ocsp enabled (which >>also uncovered a somewhat unexpected inconsistency in how the gnutls cli >> tool >>behaves[1]). > > Sure, but if the only impact was on a specially-configured setup > (gnutls-cli > with OCSP explicitly enabled rather than a standard web browser) then it > didn't have any real impact on actual users.
How is this situation different from the time when the google ocsp service was down? https://groups.google.com/forum/?_escaped_fragment_=topic/mozilla.dev.security.policy/MMO3HSYghwQ Not a whole lot of people noticed that.. but there was a real impact on some actual users. Lee _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
