On Thu, Dec 03, 2015 at 07:32:43PM +0100, Jakob Bohm wrote:
> On 03/12/2015 11:25, Gervase Markham wrote:
> >On 30/11/15 22:37, Jakob Bohm wrote:
> >>1.2. Certificates that are moved from a server software implementation
> >>that does do OCSP stapling to another that doesn't. In particular,
> >>such cases should not lead to "certificate pinning errors" or any
> >>similar failure modes.
> >
> >You'll need to get a new cert if you have one which has must-staple in
> >it and you want to use it on a webserver which does not support stapling.
>
> I wonder what the benefit is then (other than some CAs being able to force
> their customers to reduce load on their OCSP servers).
>
> Specifically: Regular stapling already provides the load and
> performance benefits when used. Non-stapling would result in an OCSP
> or CRL check without the change and/or without the extension, while it
> would result in instant failure with the change *and* the extension.
You're assuming a world in which OCSP or CRL checks are done as a matter of
course. They're not, because they're largely worthless (OCSP is not perfectly
reliable, thus preventing hard-fail semantics, and CRLs are huge, unwieldy, and
thus rarely updated by clients). Thus, a certificate without must-staple is able
to be used by someone who has acquired the corresponding private key *long*
after it has been revoked. On the other hand, a must-staple certificate isn't
going to last past the OCSP response lifetime.

- Matt

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
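The two failure modes the thread contrasts (a must-staple certificate served without a staple hard-fails; a certificate without must-staple falls back to a revocation check that clients mostly skip) are easy to reason about in code. The following is an added example and not part of the thread or of any Mozilla code: a pure-Python DER walker that detects the TLS Feature extension (OID 1.3.6.1.5.5.7.1.24, RFC 7633) carrying the `status_request` feature number 5 in a constructed `Extensions` block, plus a small `decide()` policy function modelling the client behaviour Matt describes. The DER helpers, the sample extension bytes and the dictionary shape used for the stapled response are all assumptions made for this example; a real client would take the extensions from a parsed certificate and the response from the TLS handshake.

```python
"""Detect the must-staple (TLS Feature) extension and model the client decision.

Added example for the dev-security-policy thread; not from the thread itself.
All DER encoding/decoding here is a minimal subset sufficient for the sample data.
"""

TLS_FEATURE_OID = "1.3.6.1.5.5.7.1.24"   # id-pe-tlsfeature, RFC 7633
STATUS_REQUEST = 5                        # TLS status_request extension number (RFC 6066)


# ---- minimal DER helpers (assumption: short, well-formed inputs) ----
def _der_length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, content):
    return bytes([tag]) + _der_length(len(content)) + content


def _encode_oid(dotted):
    parts = [int(p) for p in dotted.split(".")]
    out = [40 * parts[0] + parts[1]]
    for p in parts[2:]:
        chunk = [p & 0x7F]
        p >>= 7
        while p:
            chunk.append(0x80 | (p & 0x7F))
            p >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def _read_tlv(buf, i):
    """Return (tag, content, index_after) for the TLV starting at buf[i]."""
    tag, length, j = buf[i], buf[i + 1], i + 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[j:j + n], "big")
        j += n
    return tag, buf[j:j + length], j + length


def _iter_sequence(content):
    i = 0
    while i < len(content):
        tag, inner, i = _read_tlv(content, i)
        yield tag, inner


def _decode_oid(content):
    parts, value = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(value)
            value = 0
    return ".".join(str(p) for p in parts)


# ---- constructing sample certificate extensions (constructed test data) ----
def encode_tls_feature_extension(features, critical=False):
    """Extension ::= SEQUENCE { extnID, [critical], extnValue OCTET STRING }"""
    seq = _tlv(0x30, b"".join(_tlv(0x02, bytes([f])) for f in features))
    body = _encode_oid(TLS_FEATURE_OID)
    if critical:
        body += _tlv(0x01, b"\xff")
    return _tlv(0x30, body + _tlv(0x04, seq))


def encode_extensions(extensions):
    return _tlv(0x30, b"".join(extensions))


# ---- the checks a client (or an operator about to move a cert) would run ----
def tls_features(extensions_der):
    """Feature numbers from the TLS Feature extension, or None if absent."""
    _, exts, _ = _read_tlv(extensions_der, 0)
    for _, ext in _iter_sequence(exts):
        fields = list(_iter_sequence(ext))
        if _decode_oid(fields[0][1]) != TLS_FEATURE_OID:
            continue
        _, seq, _ = _read_tlv(fields[-1][1], 0)   # extnValue, with or without 'critical'
        return [int.from_bytes(c, "big") for t, c in _iter_sequence(seq) if t == 0x02]
    return None


def requires_stapling(extensions_der):
    feats = tls_features(extensions_der)
    return feats is not None and STATUS_REQUEST in feats


def decide(must_staple, stapled, now):
    """Model the client outcome. 'stapled' is None or {'status', 'next_update'}.

    'unverified' is the soft-fail case from the thread: no usable staple, no
    must-staple, and the client proceeds without a reliable revocation check.
    """
    if stapled is None or stapled["next_update"] <= now:
        return "reject" if must_staple else "unverified"
    return "accept" if stapled["status"] == "good" else "reject"


if __name__ == "__main__":
    exts = encode_extensions([encode_tls_feature_extension([STATUS_REQUEST])])
    print("must-staple:", requires_stapling(exts))
    print("served without a staple:", decide(True, None, now=1000))
    print("same situation, no must-staple:", decide(False, None, now=1000))
```

Running `requires_stapling()` over a certificate's extensions before moving it to a server that does not staple is exactly the pre-flight check Gervase's reply implies: if it returns `True`, the certificate will hard-fail on that server and a new one is needed.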