[cabfpub] Ballot 100: Extend Deadline - OCSP Good Response

Steve Roylance steve.roylance at globalsign.com
Fri May 24 10:17:13 UTC 2013

Hi Gerv,

I think you'll find that most major CAs who are active in the CABForum
should be OK as the warning came well in advance.  It's only where SubCAs
are involved where there tends to be an issue.   This is why I wanted to
reach out to people offering s/w services for Sub CA management last year
to get this information before setting deadlines that were unrealistic.

We know that Microsoft CA 2003 will not be compatible as OCSP was only
introduced with Server 2008. So SubCAs that use this need to upgrade to
get OCSP at all, never mind about OCSP database based responses.   But
even if they upgrade to Server 2008, or 2008R2, or 2013 then ADCS doesn't
yet support database based OCSP responses.    This list alone represents a
large %age of the community out there.  Tag on to that the fact that EJBC
and Corestreet don't support and you end up with quite a few who need to
take action.   I happen to know Ascertia supports but don't know about
Entrust yet.

Does this help your decision?

Feel free to let me know if you want a quick call.


On 24/05/2013 09:24, "Gervase Markham" <gerv at mozilla.org> wrote:

>On 23/05/13 21:19, Ben Wilson wrote:
>> EFFECTIVE IMMEDIATELY, in order to allow third party vendors of OCSP
>> responders to enable their software to support the requirement, we
>Before voting on this, can each CA tell us which OCSP server vendor they
>use (or if they have written it in house) and what info they have from
>that vendor about their timeframe for supporting this requirement?
>Public mailing list
>Public at cabforum.org

More information about the Public mailing list