Reminder they webpki is still completely broken - now Google OCSP down http://clients1.google.com/ocsp Wonder if there is a targeted attack happening now
-
-
If the client hard fails on OCSP errors, then the client won't be able to access Google websites. No mainstream browser hard fails by default, so practical consequence is likely minimal. Some non-browser clients might hard fail on OCSP errors, but I don't know of any.
-
Also, as a publicly-trusted CA, Google is required to "maintain an online 24x7 Repository that application software can use to automatically check the current status of all unexpired Certificates issued by the CA" [Baseline Requirements]. They are currently in violation.
-
CAs have a history of operating unreliable OCSP responders, but people expect Google to do better, which is why this is being remarked upon.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.