Re: OCSP and must staple

2014-05-02 Thread Phillip Hallam-Baker
gt; Cc: dev-security-policy@lists.mozilla.org > Subject: Re: OCSP and must staple > > On Thu, Apr 10, 2014 at 3:54 PM, Phillip Hallam-Baker > wrote: > >> One of the problems with OCSP is the hardfail issue. Stapling reduces >> latency when a valid OCSP token is supplied but do

RE: OCSP and must staple

2014-05-02 Thread Ben Wilson
-policy@lists.mozilla.org Subject: Re: OCSP and must staple On Thu, Apr 10, 2014 at 3:54 PM, Phillip Hallam-Baker wrote: > One of the problems with OCSP is the hardfail issue. Stapling reduces > latency when a valid OCSP token is supplied but doesn't allow a server > to hardfai

Re: OCSP and must staple

2014-04-10 Thread Brian Smith
On Thu, Apr 10, 2014 at 3:54 PM, Phillip Hallam-Baker wrote: > One of the problems with OCSP is the hardfail issue. Stapling reduces > latency when a valid OCSP token is supplied but doesn't allow a server > to hardfail if the token isn't provided as there is currently no way > for a client to kno

Re: OCSP and must staple

2014-04-10 Thread Brian Smith
On Thu, Apr 10, 2014 at 3:54 PM, Phillip Hallam-Baker wrote: > One of the problems with OCSP is the hardfail issue. Stapling reduces > latency when a valid OCSP token is supplied but doesn't allow a server > to hardfail if the token isn't provided as there is currently no way > for a client to kno

OCSP and must staple

2014-04-10 Thread Phillip Hallam-Baker
One of the problems with OCSP is the hardfail issue. Stapling reduces latency when a valid OCSP token is supplied but doesn't allow a server to hardfail if the token isn't provided as there is currently no way for a client to know if a token is missing because the server has been borked or if the s