On 05/09/11 10:57, Rob Stradling wrote: > So if it's "totally broken", why don't you and Kathleen add "OCSP Responders > MUST NOT report 'good' if the certificate is not known to have been issued" to > the Mozilla CA Certificate Policy? Noted :-) Gerv