Now we have ACME, why not move to 3 day certs issued daily and avoid the need for revocation entirely?
On Fri, Sep 16, 2022 at 11:43 AM Salz, Rich <rsalz= 40akamai....@dmarc.ietf.org> wrote:

> I think this is of general interest, so I’m posting here rather than
> poking friends I know.
>
> Browsers are phasing out doing OCSP queries themselves. The common
> justification, which makes sense to me, is that there are privacy concerns
> about leaking where a user is surfing.
>
> My question is, what are browsers doing, and planning, on doing about OCSP
> stapled responses? I think there are three possibilities:
>
> No stapled response
>
> A stapled, valid, “good” response
>
> A stapled, expired or “bad” response
>
> I can imagine two possibilities, proceeding or popping up a warning page.
> I haven’t seen the warning when there is no OCSP response, but maybe that
> does happen.
>
> We’re still going to staple good responses, when we have them, but I am
> wondering if long-term we should still bother?
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls