On 2016-09-05 17:55, Jakob Bohm wrote:
Indeed, I have found that a number of common web server implementations simply lack the ability to do OCSP stapling at all.
I would really like to see OCSP stapling as mandatory. There currently only seem to be around 25% of the servers that do it, and the progress seem to be very slow. I'm wondering if there is something we can do so that it's used more.
About the only idea I have is to do something with TLS 1.3, like if you have a non self-signed certificate OCSP stapling is mandatory. But I don't see that working out.
Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
