[Servercert-wg] OCSP Service Availability

Ben Wilson bwilson at mozilla.com
Thu May 14 09:02:32 MST 2020


As mentioned on the Server Certificate WG call today, I would like to
discuss this a little bit within the Network Security WG.

On Mon, May 11, 2020 at 11:46 AM Ben Wilson <bwilson at mozilla.com> wrote:

> OCSP uptime has recently been discussed in the m.d.s.p. list[1] and a
> suggestion has been made that we address OCSP uptime in the Mozilla Root
> Store Policy.[2] Section 4.10.2 of the Baseline Requirements only specifies
> 24x7 availability.[3] It could be argued that this is a requirement for
> 100% uptime. I know that many CAs have SLAs that commit to less than 100%
> uptime. What is a reasonable baseline requirement? I am interested in
> co-sponsoring a ballot that says what an expected reasonable uptime should
> be.
>
> [1]
> https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/Pnyo3vhMhJY
> [2] https://github.com/mozilla/pkipolicy/issues/214
> [3] https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.7.0.pdf
> Section 4.10.2 says, "The CA SHALL maintain an online 24x7 Repository
> that application software can use to automatically check the current status
> of all unexpired Certificates issued by the CA."
>