[cabfpub] Ballot 100: Extend Deadline - OCSP Good Response

Rob Stradling rob.stradling at comodo.com
Wed May 29 21:44:18 UTC 2013


Hi all.  This post is a genuine attempt to help deal with the problem of 
non-compliant OCSP Responder software, but (I have to be honest) it's 
also a bit of a sales pitch.

I and my colleagues at Comodo reckon that it wouldn't be hard to extend 
our OCSP Responder infrastructure so that we can serve OCSP Responses on 
behalf of other CAs.  All we would need is some sort of feed of either...
   1) issued certificate serial numbers / statuses, for each issuing CA
   or
   2) pre-generated OCSP Responses

So, if there are any CAs that are looking to replace their current OCSP 
Responder solution and would be interested in outsourcing the hosting, 
we'd love to hear from you.  :-)

On 28/05/13 14:31, Steve Roylance wrote:
> Hi Gerv,
>
> I suggest we reach out to the CA platform providers and work with them (as
> I suggested a year ago) so that we don't get to this position again.
>
> I would like to use part of the CABForum website to list compliant s/w
> (open source too) so there's some carrot for working with providers.
>
> I've already approached Ascertia and they should be fine to be compliant.
> I'm sure prime key and others would help whip EJBCA into shape.
>
> Note that when I say compliant, I mean on all points and not just this one
> such that we can be confident we are truly raising the bar everywhere.
>
> Does that work for you?
>
> Steve
>
>
>
> On 28/05/2013 14:17, "Gervase Markham" <gerv at mozilla.org> wrote:
>
>> On 24/05/13 15:59, Joseph.R.Kaluzny at wellsfargo.com wrote:
>>> To add a little history for this particular topic.. we approached
>>> Microsoft with this concern about a year ago and after learning
>>> support was not planned, did approach the CAB and raised this as an
>>> issue for compliance. Response a year ago from CAB was that it would
>>> be re-evaluated this year again to see where the industry is at since
>>> it was well known that some vendors were out of compliance when this
>>> was put into the BR. Since we were told it would be re-evaluated our
>>> expectations were that the BR would be adjusted based on current
>>> conditions. Vendors have not all come up to compliance as  hoped for
>>> so the BR should really be adjusted to allow those remaining products
>>> to be updated or for customers to move off those platforms.
>>
>> What, if anything, do you suggest we do differently this time round to
>> make sure the same thing doesn't happen in a year's time?
>>
>> Gerv
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
   3rd Floor, 26 Office Village, Exchange Quay,
   Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they are 
addressed.  If you have received this email in error please notify the 
sender by replying to the e-mail containing this attachment. Replies to 
this email may be monitored by COMODO for operational or business 
reasons. Whilst every endeavour is taken to ensure that e-mails are free 
from viruses, no liability can be accepted and the recipient is 
requested to use their own virus checking software.



More information about the Public mailing list