OK so the state of play is that

* A new draft was submitted to make it current
* Russ Housley tells me that the transfer of the OID arc back to IANA is almost complete
* I am waiting for comments from Brian.

On Fri, May 2, 2014 at 12:41 PM, Ben Wilson <b...@digicert.com> wrote:
> Does anyone have any update on the status of the must-staple OID?
>
> -----Original Message-----
> From: dev-security-policy [mailto:dev-security-policy-bounces+ben=digicert....@lists.mozilla.org] On Behalf Of Brian Smith
> Sent: Thursday, April 10, 2014 5:06 PM
> To: Phillip Hallam-Baker
> Cc: dev-security-policy@lists.mozilla.org
> Subject: Re: OCSP and must staple
>
> On Thu, Apr 10, 2014 at 3:54 PM, Phillip Hallam-Baker <hal...@gmail.com> wrote:
>
>> One of the problems with OCSP is the hardfail issue. Stapling reduces
>> latency when a valid OCSP token is supplied but doesn't allow a server
>> to hardfail if the token isn't provided as there is currently no way
>> for a client to know if a token is missing because the server has been
>> borked or if the server doesn't staple.
>>
>> This draft corrects the problem. It has been in IETF limbo due to the
>> OID registry moving. But I now have a commitment from the AD that they
>> will approve the OID assignment if there is support for this proposal
>> from a browser provider:
>
> David Keeler was working on implementing Must-Staple in Gecko. You can point
> them to these two bugs:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=921907
> https://bugzilla.mozilla.org/show_bug.cgi?id=901698
>
> The work got stalled because we decided to fix some infrastructure issues
> (like the new mozilla::pkix cert verification library) first. Now that work
> is winding down and I think we'll be able to finish the Must-Staple
> implementation soon. Check with David.
>
> Cheers,
> Brian
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy

--
Website: http://hallambaker.com/