Hi,

On Wed, 31 May 2017 07:45:23 -0500
Jim Riggs <apache-li...@riggs.me> wrote:

> This was mentioned in today's Bulletproof TLS newsletter
> (https://www.feistyduck.com/bulletproof-tls-newsletter/issue_28_lets_encrypt_downtime.html):
>
> https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html

I'm the author of that post, thanks for bringing that up.

In the meantime I found that there are even more bugs in the apache bz that are unhandled that sound quite concerning. This one
https://bz.apache.org/bugzilla/show_bug.cgi?id=59049
is imho a security vulnerability, yet it's been ignored for over a year.

Please note also that I had some conversations with the Linux Foundation / Core Infrastructure Initiative about OCSP stapling and they indicated that they would consider providing funding if there's an effort to improve the situation.

--
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42