OCSP stapling exists to reduce the latency and client burden involved in establishing an OCSP-verified TLS connection. This is achieved by a TLS extension: "Certificate Status Request".
Basically, what this means is that backend services that want to prove validity of their certificate fetch (and optionally cache for the validity period) OCSP responses from their CA's OCSP responder, and bundle them as part of the TLS handshake.

k

> On Tue, Oct 30, 2012 at 03:26:21PM +0100, Baptiste wrote:
> > Hi,
> >
> > I discussed about it a few weeks ago with @emericbr @exceliance, but
> > he was a bit doubtful about it.
> > As far as I'm concerned, I think this would be a nice new feature.
> >
> > so let's wait for Willy's response.
>
> well, after having checked the RFC on this, I must confess that what it
> provides and the way it's supposed to work are still cryptic to me :-/
>
> If someone could explain in a simple way (assuming that something in TLS
> can be explained that way), and provide some real world use case, it would
> be nice.
>
> Regards,
> Willy
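The two wire messages behind the explanation at the top of this message, as an added example that is not part of the original thread: the client's `status_request` extension and the server's `CertificateStatus` handshake message carrying the cached OCSP response, using the RFC 6066 framing (TLS 1.2 and earlier). The function names and the sample bytes are constructed for illustration.

```python
import struct

EXT_STATUS_REQUEST = 5      # extension type "status_request"
STATUS_TYPE_OCSP = 1        # CertificateStatusType.ocsp
HS_CERTIFICATE_STATUS = 22  # handshake message type "certificate_status"

# Constructed placeholder standing in for a DER-encoded OCSPResponse
SAMPLE_OCSP = bytes.fromhex("30030a0100")


def build_status_request_extension() -> bytes:
    """Client side: ClientHello extension asking the server to staple."""
    # status_type, then empty responder_id_list and empty request_extensions
    body = struct.pack("!BHH", STATUS_TYPE_OCSP, 0, 0)
    return struct.pack("!HH", EXT_STATUS_REQUEST, len(body)) + body


def build_certificate_status(ocsp_der: bytes) -> bytes:
    """Server side: wrap the cached OCSP response for the handshake."""
    if not ocsp_der:
        raise ValueError("OCSPResponse must be at least 1 byte")
    body = bytes([STATUS_TYPE_OCSP]) + len(ocsp_der).to_bytes(3, "big") + ocsp_der
    return bytes([HS_CERTIFICATE_STATUS]) + len(body).to_bytes(3, "big") + body


def parse_certificate_status(msg: bytes) -> bytes:
    """Client side: return the stapled response, rejecting bad framing."""
    if len(msg) < 8:
        raise ValueError("truncated CertificateStatus")
    if msg[0] != HS_CERTIFICATE_STATUS:
        raise ValueError("not a CertificateStatus message")
    if int.from_bytes(msg[1:4], "big") != len(msg) - 4:
        raise ValueError("handshake length mismatch")
    if msg[4] != STATUS_TYPE_OCSP:
        raise ValueError("unsupported status_type")
    resp_len = int.from_bytes(msg[5:8], "big")
    if resp_len == 0 or resp_len != len(msg) - 8:
        raise ValueError("OCSPResponse length mismatch")
    return msg[8:]


if __name__ == "__main__":
    print("client extension :", build_status_request_extension().hex())
    staple = build_certificate_status(SAMPLE_OCSP)
    print("server message   :", staple.hex())
    print("client recovers  :", parse_certificate_status(staple).hex())
```

The bytes returned by `parse_certificate_status` still have to be verified by the client as a signed OCSP response for the server's certificate; this example covers only the transport framing.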

