On 25/01/17 09:52, Werner Koch wrote:
> OCSP is used as an alternative to CRLs and not directly related to
> privacy.

The OP might have meant "OCSP Stapling" which includes the OCSP data in the data sent by the webserver during TLS session setup. That way, the OCSP data doesn't need to be fetched from an OCSP server, which would leak the fact a certain website certificate is being verified to the OCSP server.

OCSP (without stapling) is already possible for the gnupg.org website certificate:

> Authority Information Access (not critical):
>     Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
>     Access Location URI:
> http://crt.usertrust.com/GandiStandardSSLCA2.crt
>     Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
>     Access Location URI: http://ocsp.usertrust.com

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
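
Added example, not part of the original message: a Python decoder for the Authority Information Access extension value, showing where a verifier finds the id-ad-ocsp URI it contacts (and so reveals the certificate to) when the server staples no OCSP response. The DER sample is constructed from the two URIs quoted in the message, and all function names are illustrative.

```python
# Added example: decode an AuthorityInfoAccessSyntax value (RFC 5280) into (method, URI) pairs.
OID_NAMES = {"1.3.6.1.5.5.7.48.1": "id-ad-ocsp",
             "1.3.6.1.5.5.7.48.2": "id-ad-caIssuers"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):                    # OID content bytes -> dotted string
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:              # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)        # first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_aia(der):
    """Return [(access_method, uri)] for every URI-typed AccessDescription."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("AuthorityInfoAccessSyntax must be a SEQUENCE")
    found, pos = [], 0
    while pos < len(seq):
        tag, desc, pos = read_tlv(seq, pos)          # one AccessDescription
        oid_tag, oid_body, loc_pos = read_tlv(desc, 0)
        loc_tag, loc, _ = read_tlv(desc, loc_pos)
        if tag != 0x30 or oid_tag != 0x06:
            raise ValueError("malformed AccessDescription")
        if loc_tag == 0x86:              # GeneralName [6] uniformResourceIdentifier
            oid = decode_oid(oid_body)
            found.append((OID_NAMES.get(oid, oid), loc.decode("ascii")))
    return found

# Constructed sample: the two entries quoted in the message, re-encoded as DER.
def _tlv(tag, body):
    return bytes([tag, len(body)]) + body            # short-form length, enough here
ID_AD = bytes.fromhex("2b060105050730")              # 1.3.6.1.5.5.7.48
SAMPLE_AIA = _tlv(0x30, b"".join(
    _tlv(0x30, _tlv(0x06, ID_AD + bytes([arc])) + _tlv(0x86, uri.encode()))
    for arc, uri in ((2, "http://crt.usertrust.com/GandiStandardSSLCA2.crt"),
                     (1, "http://ocsp.usertrust.com"))))
```

`parse_aia(SAMPLE_AIA)` returns the caIssuers entry followed by the OCSP entry, in the same order as the listing in the message.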