Reminder they webpki is still completely broken - now Google OCSP down http://clients1.google.com/ocsp Wonder if there is a targeted attack happening now
-
-
Also, as a publicly-trusted CA, Google is required to "maintain an online 24x7 Repository that application software can use to automatically check the current status of all unexpired Certificates issued by the CA" [Baseline Requirements]. They are currently in violation.
-
CAs have a history of operating unreliable OCSP responders, but people expect Google to do better, which is why this is being remarked upon.
End of conversation
New conversation -
-
-
A frequent source of grief from these events is with web servers that perform OCSP stapling for their sites. When they are unable to refresh their OSCP data they stop serving.
-
Very true. But to be clear, the Google CA doesn't issue certificates to the general public, so that doesn't apply in this case.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.