hi @ivanristic can you explain what "OCSP ERROR: Next update not provided" exactly means? currently shown on letsencrypt page
-
-
Replying to @hanno
@hanno@ivanristic it means it is missing the expiry time. See: https://www.cem.me/20150401-cert-binaries-7.html …2 replies 1 retweet 2 likes -
Replying to @ivanristic
@ivanristic@ECCTLS@hanno In RFCs of OCSP and CRL, nextUpdate field is OPTIONAL. So it can be omitted.2 replies 0 retweets 0 likes -
Replying to @kjur1 reply 0 retweets 0 likes
-
Replying to @ivanristic
@ivanristic@ECCTLS@hanno Thank you for correction.1 reply 0 retweets 0 likes -
Replying to @kjur
@kjur@ivanristic@hanno I am curious how long past the thisUpdate each browser will accept an attacker's stapled response w/o a nextUpdate.2 replies 0 retweets 0 likes -
Replying to @ECCTLS
@ECCTLS@kjur@ivanristic@hanno In mozilla::pkix, 1 day: https://github.com/briansmith/mozillapkix/blob/a90b9d1422206da2300d5af4335f8ff2b2d24a65/lib/pkixocsp.cpp#L635 …1 reply 0 retweets 0 likes
@ECCTLS @kjur @ivanristic @hanno Actually, it is 2 days, because we also add 1 day to account for clock skew.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.