[Servercert-wg] OCSP Service Availability
Ben Wilson
bwilson at mozilla.com
Mon May 11 10:46:35 MST 2020
OCSP uptime has recently been discussed in the m.d.s.p. list[1] and a
suggestion has been made that we address OCSP uptime in the Mozilla Root
Store Policy.[2] Section 4.10.2 of the Baseline Requirements only specify
24x7 availability.[3] It could be argued that this is a requirement for
100% uptime. I know that many CAs have SLAs that commit to less than 100%
uptime. What is a reasonable baseline requirement? I am interested in
co-sponsoring a ballot that says what an expected reasonable uptime should
be.
[1]
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/Pnyo3vhMhJY
<https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/Pnyo3vhMhJY>
[2] https://github.com/mozilla/pkipolicy/issues/214
[3] https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.7.0.pdf
Section 4.10.2 says, "The CA SHALL maintain an online 24x7 Repository that
application software can use to automatically check the current status of
all unexpired Certificates issued by the CA."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20200511/4731eced/attachment.html>
More information about the Servercert-wg
mailing list