[cabfpub] Ballot 100: Extend Deadline - OCSP Good Response

[Rob Stradling]

On 29/05/13 22:44, Rob Stradling wrote:
> Hi all.  This post is a genuine attempt to help deal with the problem of
> non-compliant OCSP Responder software, but (I have to be honest) it's
> also a bit of a sales pitch.
>
> I and my colleagues at Comodo reckon that it wouldn't be hard to extend
> our OCSP Responder infrastructure so that we can serve OCSP Responses on
> behalf of other CAs.  All we would need is some sort of feed of either...
>     1) issued certificate serial numbers / statuses, for each issuing CA
>     or
>     2) pre-generated OCSP Responses

For option 1 only: I forgot to mention that we would also need each 
issuing CA to issue a delegated OCSP Signing Certificate.  Comodo would 
hold the associated OCSP Signing Private Keys in our CA HSMs.

> So, if there are any CAs that are looking to replace their current OCSP
> Responder solution and would be interested in outsourcing the hosting,
> we'd love to hear from you.  :-)
>
> On 28/05/13 14:31, Steve Roylance wrote:
>> Hi Gerv,
>>
>> I suggest we reach out to the CA platform providers and work with them (as
>> I suggested a year ago) so that we don't get to this position again.
>>
>> I would like to use part of the CABForum website to list compliant s/w
>> (open source too) so there's some carrot for working with providers.
>>
>> I've already approached Ascertia and they should be fine to be compliant.
>> I'm sure prime key and others would help whip EJBCA into shape.
>>
>> Note that when I say compliant, I mean on all points and not just this one
>> such that we can be confident we are truly raising the bar everywhere.
>>
>> Does that work for you?
>>
>> Steve
>>
>>
>>
>> On 28/05/2013 14:17, "Gervase Markham" <gerv at mozilla.org> wrote:
>>
>>> On 24/05/13 15:59, Joseph.R.Kaluzny at wellsfargo.com wrote:
>>>> To add a little history for this particular topic.. we approached
>>>> Microsoft with this concern about a year ago and after learning
>>>> support was not planned, did approach the CAB and raised this as an
>>>> issue for compliance. Response a year ago from CAB was that it would
>>>> be re-evaluated this year again to see where the industry is at since
>>>> it was well known that some vendors were out of compliance when this
>>>> was put into the BR. Since we were told it would be re-evaluated our
>>>> expectations were that the BR would be adjusted based on current
>>>> conditions. Vendors have not all come up to compliance as  hoped for
>>>> so the BR should really be adjusted to allow those remaining products
>>>> to be updated or for customers to move off those platforms.
>>>
>>> What, if anything, do you suggest we do differently this time round to
>>> make sure the same thing doesn't happen in a year's time?
>>>
>>> Gerv
>>> _______________________________________________
>>> Public mailing list
>>> Public at cabforum.org
>>> https://cabforum.org/mailman/listinfo/public
>>
>>
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public
>>
>

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
   3rd Floor, 26 Office Village, Exchange Quay,
   Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they are 
addressed.  If you have received this email in error please notify the 
sender by replying to the e-mail containing this attachment. Replies to 
this email may be monitored by COMODO for operational or business 
reasons. Whilst every endeavour is taken to ensure that e-mails are free 
from viruses, no liability can be accepted and the recipient is 
requested to use their own virus checking software.