Hi, On Wed, 19 Jan 2022 16:57:07 +0200 Yaron Sheffer <yaronf.i...@gmail.com> wrote:
> But this raises a larger question: many client-side implementations
> soft-fail if they don’t get an OCSP response within the handshake,
> i.e. they just ignore the problem. As far as we understand, this
> makes OCSP stapling completely ineffective for what it’s trying to
> solve.

I think the missing piece here is the so-called OCSP "must staple"
extension (RFC 7633). This allows telling a client in the certificate
that the certificate may only be used if it has a valid staple.

This hasn't seen widespread use yet as far as I know, and one reason is
that up until recently major OCSP stapling implementations were quite
fragile and would behave strangely under conditions like the CA being
offline (kinda also defeating the purpose of stapling). Adding a
hard-fail stapling requirement to a fragile stapling implementation is
not a good idea.

This has improved in Apache recently; however, it requires a maybe not
widely known option ("MDStapling") that is not the default. I'm not sure
about the situation in nginx.

-- 
Hanno Böck
https://hboeck.de/

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
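As an added example that is not part of Hanno's message or the list thread: the "must staple" signal is the RFC 7633 TLS Feature extension (OID 1.3.6.1.5.5.7.1.24) carrying the TLS extension number 5, status_request. The stdlib-only Python below walks a DER certificate to find that extension, decodes the feature list, and derives the client verdict discussed above: hard-fail only when the certificate demands a staple and none arrived, soft-fail otherwise. The two certificates it checks are constructed stand-ins with only version, serial and an extensions block populated, so the walker has realistic nesting to traverse; they are not valid X.509 certificates. All function names are this example's own.

```python
"""Detect RFC 7633 "OCSP must-staple" in a DER certificate (added example, stdlib only)."""

# DER content octets of id-pe-tlsfeature, OID 1.3.6.1.5.5.7.1.24.
TLS_FEATURE_OID = bytes.fromhex("2b06010505070118")
STATUS_REQUEST = 5  # TLS extension type number for status_request (RFC 6066)


def _read_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, content_start, content_end, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length, pos + length


def _iter_children(buf, start, end):
    """Yield (tag, content_start, content_end) for each TLV in buf[start:end]."""
    pos = start
    while pos < end:
        tag, cs, ce, pos = _read_tlv(buf, pos)
        yield tag, cs, ce


def _walk(buf, start, end):
    """Depth-first, pre-order traversal of every TLV; recurses into constructed tags."""
    for tag, cs, ce in _iter_children(buf, start, end):
        yield tag, cs, ce
        if tag & 0x20:
            yield from _walk(buf, cs, ce)


def tls_features(cert_der):
    """Return the TLS feature numbers from id-pe-tlsfeature, or None if the extension is absent."""
    for tag, cs, ce in _walk(cert_der, 0, len(cert_der)):
        if tag != 0x30:  # an Extension is a SEQUENCE whose first element is the OID
            continue
        kids = list(_iter_children(cert_der, cs, ce))
        if not kids or kids[0][0] != 0x06 or cert_der[kids[0][1]:kids[0][2]] != TLS_FEATURE_OID:
            continue
        # Extension ::= SEQUENCE { extnID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
        vtag, vcs, _vce = kids[-1]
        if vtag != 0x04:
            raise ValueError("extnValue is not an OCTET STRING")
        itag, ics, ice, _ = _read_tlv(cert_der, vcs)
        if itag != 0x30:
            raise ValueError("TLS feature value is not a SEQUENCE OF INTEGER")
        features = []
        for t, s, e in _iter_children(cert_der, ics, ice):
            if t != 0x02:
                raise ValueError("TLS feature entry is not an INTEGER")
            features.append(int.from_bytes(cert_der[s:e], "big", signed=True))
        return features
    return None


def requires_ocsp_staple(cert_der):
    """True when the certificate carries status_request in its TLS Feature extension."""
    feats = tls_features(cert_der)
    return feats is not None and STATUS_REQUEST in feats


def handshake_verdict(cert_der, staple_present):
    """Client policy: 'accept' with a staple; without one, 'abort' only if must-staple applies."""
    if staple_present:
        return "accept"
    return "abort" if requires_ocsp_staple(cert_der) else "soft-fail"


# --- constructed sample input (encoder side) ---------------------------------

def _der(tag, content):
    """Minimal DER TLV encoder."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def tls_feature_extension(features=(STATUS_REQUEST,)):
    """DER Extension for id-pe-tlsfeature, non-critical, listing the given feature numbers."""
    seq = _der(0x30, b"".join(_der(0x02, bytes([f])) for f in features))
    return _der(0x30, _der(0x06, TLS_FEATURE_OID) + _der(0x04, seq))


def _basic_constraints_ca_false():
    """Unrelated critical extension (basicConstraints, 2.5.29.19) so the walker has to skip one."""
    return _der(0x30, _der(0x06, bytes.fromhex("551d13")) + _der(0x01, b"\xff") + _der(0x04, _der(0x30, b"")))


def _skeleton_cert(extensions):
    """Certificate-shaped DER: [0] version, serialNumber and [3] Extensions only (constructed, not valid X.509)."""
    tbs = (_der(0xA0, _der(0x02, b"\x02"))
           + _der(0x02, b"\x01")
           + _der(0xA3, _der(0x30, b"".join(extensions))))
    return _der(0x30, _der(0x30, tbs))


MUST_STAPLE_CERT = _skeleton_cert([_basic_constraints_ca_false(), tls_feature_extension()])
PLAIN_CERT = _skeleton_cert([_basic_constraints_ca_false()])
```

Run against a real certificate by passing its DER bytes to `requires_ocsp_staple`; the walker does not depend on the placeholder's exact layout, only on the Extension encoding from RFC 5280 and RFC 7633.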