[cabfpub] subscriber certificate issued by Let´s encrypt
"Barreira Iglesias, Iñigo"
i-barreira at izenpe.eus
Wed Feb 10 11:59:00 UTC 2016
Ups, yes, didn´t see it :-(
But, in any case, my question is if OCSP is a must or not taking into account that the section also says that the following extensions (OCSP, CRL, ...) may be present. Or only when not stapled?
Iñigo Barreira
Responsable del Área técnica
i-barreira at izenpe.eus
945067705
ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.
-----Mensaje original-----
De: Rob Stradling [mailto:rob.stradling at comodo.com]
Enviado el: miércoles, 10 de febrero de 2016 12:54
Para: Barreira Iglesias, Iñigo; public at cabforum.org
Asunto: Re: [cabfpub] subscriber certificate issued by Let´s encrypt
Hi Iñigo.
That site's cert _does_ have an OCSP URL.
https://crt.sh/?id=12605895
On 10/02/16 11:50, "Barreira Iglesias, Iñigo" wrote:
> Hi,
>
> I´ve been looking at this site https://www.soroa.org and checking with
> the latest BR 1.3.3 have some doubts.
>
> This cert is only for 3 months, which is ok, but it has no OCSP info
> nor CRL (I recall this having one of the issues when debating the
> short lived certificates in which there was no agreement if I´m not
> wrong). In BR 7.1.2.3 section, it says that OCSP is a must but in the
> same section, at the beginning it says “the following extensions MAY
> be present” so not sure to understand if the OSCP must be present or not if not stapled.
>
> OTOH I haven´t gone further on the checking of the cert, but see that
> the root is 1K and SHA1 but is before the effective date so no problem
> there, but if someone want to go deep, do it J
>
> Thanks
>
> *Iñigo Barreira*
> Responsable del Área técnica
> i-barreira at izenpe.eus <mailto:i-barreira at izenpe.eus>
>
> 945067705
>
> Descripción: firma_email_Izenpe_eus
>
> ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta
> egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada
> (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari,
> korreo honi erantzuna. KONTUZ!
> ATENCION! Este mensaje contiene informacion privilegiada o
> confidencial a la que solo tiene derecho a acceder el destinatario. Si
> usted lo recibe por error le agradeceriamos que no hiciera uso de la
> informacion y que se pusiese en contacto con el remitente.
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
COMODO CA Limited, Registered in England No. 04058690 Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying to the e-mail containing this attachment. Replies to this email may be monitored by COMODO for operational or business reasons. Whilst every endeavour is taken to ensure that e-mails are free from viruses, no liability can be accepted and the recipient is requested to use their own virus checking software.
More information about the Public
mailing list