New submission from Philip Prindeville <phil...@redfish-solutions.com>:

When TLS client certificates are used for authentication, servers need to ensure that the certificate is current and hasn't been revoked. In zero-trust and other architectures with heavy use of micro-services, server-side validation of the client certs repeatedly can be a significant burden. Forcing the client to present a signed, stapled OCSP response to the handshake eliminates this repetitive extra step.

----------
assignee: christian.heimes
components: SSL
messages: 398592
nosy: christian.heimes, pprindeville
priority: normal
severity: normal
status: open
title: SSL needs client OCSP stapling
type: enhancement

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue44783>
_______________________________________