Hi,

On Wed, 19 Jan 2022 16:57:07 +0200
Yaron Sheffer <yaronf.i...@gmail.com> wrote:

> But this raises a larger question: many client-side implementations
> soft-fail if they don’t get an OCSP response within the handshake,
> i.e. they just ignore the problem. As far as we understand, this
> makes OCSP stapling completely ineffective for what it’s trying to
> solve.

I think the missing piece here is the so-called OCSP "must staple"
extension (RFC 7633).
This allows telling a client in the certificate that a certificate may
only be used if it has a valid staple.

This hasn't seen widespread use yet as far as I know, and one reason is
that up until recently major OCSP stapling implementations were quite
fragile and would behave strangely under conditions like the CA being
offline (kinda also defeating the purpose of stapling). Adding a
hard-fail stapling requirement to a fragile stapling implementation is
not a good idea. This has improved in Apache recently, however it
requires a maybe not widely known option ("MDStapling") that is not the
default.
I'm not sure about the situation in nginx.

-- 
Hanno Böck
https://hboeck.de/

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

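The client-side decision the thread is about, as an added example that is not part of the original message or of any named implementation: a stdlib-only parser that reads the X.509 Extensions SEQUENCE, looks for the RFC 7633 TLS Feature extension (OID 1.3.6.1.5.5.7.1.24, value SEQUENCE OF INTEGER, where 5 is the status_request extension number), and then applies the soft-fail versus must-staple logic. The two DER blobs are constructed for this example (basicConstraints plus a must-staple TLS Feature extension, and basicConstraints alone); they are not taken from any real certificate.

```python
"""Decide whether a TLS client may accept a certificate without an OCSP staple.

RFC 7633 "must staple": the TLS Feature extension lists TLS extension numbers
the server promises to honour; status_request (5) means the certificate is
only valid together with a stapled OCSP response. A client that soft-fails on
a missing staple (ignores the problem) should still hard-fail for such a cert.
Stdlib-only example; the minimal DER walker below handles only what X.509
extensions need (definite lengths, no indefinite-length BER).
"""

TLS_FEATURE_OID = "1.3.6.1.5.5.7.1.24"   # id-pe-tlsfeature, RFC 7633
STATUS_REQUEST = 5                       # TLS extension number of status_request

# Constructed sample inputs (not real certificates):
#   Extensions ::= SEQUENCE OF Extension { extnID OID, critical BOOLEAN OPT, extnValue OCTET STRING }
# basicConstraints (critical, empty SEQUENCE) + TLS Feature { 5 }
MUST_STAPLE_EXTS = bytes.fromhex(
    "3021"
    "300c" "0603551d13" "0101ff" "04023000"
    "3011" "06082b06010505070118" "0405" "3003020105"
)
# basicConstraints only, no TLS Feature extension
PLAIN_EXTS = bytes.fromhex("300e" "300c" "0603551d13" "0101ff" "04023000")


def _read_tlv(buf, pos):
    """Parse one DER TLV at buf[pos]; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length


def _expect(tag, want, what):
    if tag != want:
        raise ValueError(f"expected {what} (tag 0x{want:02x}), got 0x{tag:02x}")


def _decode_oid(value):
    """Decode a DER OBJECT IDENTIFIER content octet string to dotted form."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def parse_extensions(ext_der):
    """Parse an Extensions SEQUENCE into a list of (oid, critical, extnValue bytes)."""
    tag, body, _ = _read_tlv(ext_der, 0)
    _expect(tag, 0x30, "Extensions SEQUENCE")
    out, pos = [], 0
    while pos < len(body):
        tag, ext, pos = _read_tlv(body, pos)
        _expect(tag, 0x30, "Extension SEQUENCE")
        tag, oid_val, p = _read_tlv(ext, 0)
        _expect(tag, 0x06, "extnID OID")
        critical = False
        tag, v, p = _read_tlv(ext, p)
        if tag == 0x01:                  # optional critical BOOLEAN
            critical = v != b"\x00"
            tag, v, p = _read_tlv(ext, p)
        _expect(tag, 0x04, "extnValue OCTET STRING")
        out.append((_decode_oid(oid_val), critical, v))
    return out


def tls_features(ext_der):
    """Return the set of TLS extension numbers listed in the TLS Feature extension."""
    feats = set()
    for oid, _critical, value in parse_extensions(ext_der):
        if oid != TLS_FEATURE_OID:
            continue
        tag, seq, _ = _read_tlv(value, 0)
        _expect(tag, 0x30, "TLS Feature SEQUENCE OF INTEGER")
        pos = 0
        while pos < len(seq):
            tag, num, pos = _read_tlv(seq, pos)
            _expect(tag, 0x02, "TLS feature INTEGER")
            feats.add(int.from_bytes(num, "big"))
    return feats


def requires_staple(ext_der):
    """True if the certificate is a must-staple certificate (RFC 7633)."""
    return STATUS_REQUEST in tls_features(ext_der)


def accept_handshake(ext_der, staple_present, staple_valid, soft_fail=True):
    """Client policy: (accept, reason). soft_fail=True models the common
    behaviour of ignoring a missing staple; must-staple overrides it."""
    if staple_present:
        return (True, "stapled OCSP response valid") if staple_valid \
            else (False, "stapled OCSP response invalid or reports revoked")
    if requires_staple(ext_der):
        return (False, "must-staple certificate presented without a staple")
    if soft_fail:
        return (True, "no staple; soft-fail, revocation status unchecked")
    return (False, "no staple; hard-fail policy")


if __name__ == "__main__":
    for name, exts in (("must-staple cert", MUST_STAPLE_EXTS), ("plain cert", PLAIN_EXTS)):
        print(name, "features:", tls_features(exts), "->", accept_handshake(exts, False, False))
```

The decisive branch is the third one: a must-staple certificate without a staple is rejected even by a soft-failing client, which is exactly what makes stapling enforceable; for a certificate without the extension the soft-fail client accepts the connection with revocation unchecked, which is the gap the thread describes.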