On Oct 21, 2020, at 5:02 AM, Hannes Tschofenig <hannes.tschofe...@arm.com> wrote: > this draft mandates OCSCP stapling (for use with TLS 1.3 in EAP-TLS) and I > believe this is a problem for implementations. This extra burden is IMHO > unjustified. For the type of deployments where EAP is used there is no need > for a mandatory certificate revocation checking with OCSP. > > Having it optional, like the use of many other TLS extensions, is fine for > me. FWIW even TLS 1.3, which is used in a more generic environment, does not > mandate the use of OCSP stapling.
I agree. It should be fine to make OCSP stapling optional. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu