They all can trivially; the sites should perform OCSP stapling. Privacy was one of the original reasons for proposing it.

> On Jun 14, 2017, at 5:41 PM, Jacob Hoffman-Andrews via Public
> <[email protected]> wrote:
>
> Forwarding on behalf of a colleague at EFF who is working on the Do Not Track
> standard:
>
> -------- Forwarded Message --------
> Subject: OCSP Requests and Do Not Track
> Date: Mon, 15 May 2017 16:22:58 -0400
> From: Alan Toner <[email protected]>
> To: Jacob Hoffman-Andrews <[email protected]>, Peter
> Eckersley <[email protected]>
>
> Hi,
>
> At the Electronic Frontier Foundation we are currently working on an
> implementation guide for site owners who have adopted our Do Not Track
> (DNT) policy (1). As part of this effort we want to identify service
> providers who can comply with the policy for users who send a DNT:1
> header expressing their desire not to be tracked. Certification
> Authorities are relevant to this due to the potential for OCSP queries
> to track visits to a site even if the site otherwise complies with a
> strong DNT.
>
> We are interested to hear if there are Certification Authorities which
> can satisfy our DNT standard in the context of OCSP requests from public
> users. Compliance means any logs containing unique identifiers
> should be deleted within ten days unless an exception applies - in the
> case of a Certification Authority such exceptions would include
> suspicions of fraud, security abuse, or the need to debug technical
> problems.
>
> Let's Encrypt has such a policy (2) but we would like to be able to
> point to others. If you believe your CA to be compliant, please let us
> know so that we can include your organization in our guide. We would
> also like to hear from you if there is a section of your privacy policy
> which addresses the use of information gathered in the course of OCSP
> requests.
>
> Best,
>
> Alan Toner
>
> (1) https://www.eff.org/dnt-policy
>
> (2) https://letsencrypt.org/privacy/
>
> _______________________________________________
> Public mailing list
> [email protected]
> https://cabforum.org/mailman/listinfo/public
