On Thu, Apr 10, 2014 at 3:54 PM, Phillip Hallam-Baker <hal...@gmail.com> wrote:

> One of the problems with OCSP is the hardfail issue. Stapling reduces
> latency when a valid OCSP token is supplied but doesn't allow a server
> to hardfail if the token isn't provided as there is currently no way
> for a client to know if a token is missing because the server has been
> borked or if the server doesn't staple.
>
> This draft corrects the problem. It has been in IETF limbo due to the
> OID registry moving. But I now have a commitment from the AD that they
> will approve the OID assignment if there is support for this proposal
> from a browser provider:
>
> https://tools.ietf.org/html/draft-hallambaker-tlsfeature-02
>
> So anyone in mozilla space willing to co-author?
>

Hi Phillip,

I am working on another draft to do something similar with an HTTP header (like Strict-Transport-Security) and I would be happy to co-author with you. Note that I am not a Mozilla Corp employee any more though.

Cheers,
Brian

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy