On Wed, 24 Jul 2024 at 23:19, William Lallemand <wlallem...@irq6.net> wrote: > > On Wed, Jul 24, 2024 at 10:32:16PM +0200, Aleksandar Lazic wrote: > > Does this announcement have any impact to HAProxy? > > > > "Intent to End OCSP Service" > > https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html > > https://news.ycombinator.com/item?id=41046956 > > > > I read about this yesterday and my impression is that they are trying to use > the excuse of the privacy problems to end a > service that they have difficulties to scale.
I agree. Google disabled online/active OCSP requests a long time ago - more than a decade. Here's more argumentation: https://docs.google.com/document/d/180T6cDSWPy54Rb5d6R4zN7MuLEMShaZ4IRLQgdPqE98/edit?pli=1 They claim OCSP must-staple is basically unused, OCSP stapling itself is not much used (8%), it's complicated and they do not want to rely on it. I guess it's one less feature we have to care about, but I wish they would have made up their mind 10 years ago and spared us all the pain. Lukas
