Re: OCSP Stapling and Certificate Transparency

2018-10-31 Thread Aki Tuomi

> On 31 October 2018 at 09:41 "Michael A. Peters" <mpet...@domblogger.net> wrote:
>
> On 05/01/2018 09:08 AM, Aki Tuomi wrote:
>>
>>> On 01 May 2018 at 19:03 Felipe Gasper <fel...@felipegasper.com> wrote:
>>>
>>> Hi,
>>>
>>> For CAs that do not include a signed certificate timestamp in their
>>> newly-issued certificates, does Dovecot support either OCSP stapling
>>> or the Certificate Transparency TLS extension?
>>>
>>> If the TLS extension is supported, how does the admin configure the
>>> timestamp for each certificate?
>>>
>>> I’m wondering if any MUAs will follow Google’s lead and insist on CT.
>>>
>>> Thank you!
>>>
>>> -Felipe Gasper
>>> Mississauga, Ontario
>>
>> Hi!
>>
>> We are planning to add ocsp stapling support. At least Thunderbird
>> supports must-staple attribute.
>>
>> ---
>> Aki Tuomi
>
> Hi, is there any more news on this?
>
> Note I don't *personally* need it, but I provide custom dovecot RPMs for
> CentOS 7 and someone asked how to do it. They want to use a certificate
> that has the "must staple" feature.
>
> (I'm personally more interested in DANE support in clients, which
> dovecot doesn't need to do anything for, that's client specific)
  
It has not been forgotten, just has not been done yet. We are bundling it together with other changes related to certificate handling.

I cannot provide any schedule for it yet.

---
Aki Tuomi



Re: OCSP Stapling and Certificate Transparency

2018-10-31 Thread Michael A. Peters

On 05/01/2018 09:08 AM, Aki Tuomi wrote:
>
>> On 01 May 2018 at 19:03 Felipe Gasper <fel...@felipegasper.com> wrote:
>>
>> Hi,
>>
>> For CAs that do not include a signed certificate timestamp in their
>> newly-issued certificates, does Dovecot support either OCSP stapling
>> or the Certificate Transparency TLS extension?
>>
>> If the TLS extension is supported, how does the admin configure the
>> timestamp for each certificate?
>>
>> I’m wondering if any MUAs will follow Google’s lead and insist on CT.
>>
>> Thank you!
>>
>> -Felipe Gasper
>> Mississauga, Ontario
>
> Hi!
>
> We are planning to add ocsp stapling support. At least Thunderbird
> supports must-staple attribute.
>
> ---
> Aki Tuomi

Hi, is there any more news on this?

Note I don't *personally* need it, but I provide custom dovecot RPMs for
CentOS 7 and someone asked how to do it. They want to use a certificate
that has the "must staple" feature.

(I'm personally more interested in DANE support in clients, which
dovecot doesn't need to do anything for, that's client specific)


Re: OCSP Stapling and Certificate Transparency

2018-05-01 Thread Aki Tuomi

> On 01 May 2018 at 19:03 Felipe Gasper <fel...@felipegasper.com> wrote:
>
> Hi,
>
> For CAs that do not include a signed certificate timestamp in their newly-issued certificates, does Dovecot support either OCSP stapling or the Certificate Transparency TLS extension?
>
> If the TLS extension is supported, how does the admin configure the timestamp for each certificate?
>
> I’m wondering if any MUAs will follow Google’s lead and insist on CT.
>
> Thank you!
>
> -Felipe Gasper
> Mississauga, Ontario

Hi!

We are planning to add ocsp stapling support. At least Thunderbird supports must-staple attribute.

---
Aki Tuomi
   
 



OCSP Stapling and Certificate Transparency

2018-05-01 Thread Felipe Gasper

Hi,

For CAs that do not include a signed certificate timestamp in their 
newly-issued certificates, does Dovecot support either OCSP stapling or the 
Certificate Transparency TLS extension?

If the TLS extension is supported, how does the admin configure the 
timestamp for each certificate?

I’m wondering if any MUAs will follow Google’s lead and insist on CT.

Thank you!

-Felipe Gasper
Mississauga, Ontario