Implementation of TLS OCSP Stapling
dovecot at flut.demon.nl
dovecot at flut.demon.nl
Thu Mar 3 10:16:50 UTC 2016
Hi all,
About a year ago, Torsten already asked for OCSP stapling
(http://dovecot.org/pipermail/dovecot/2015-April/100632.html).
Unfortunately, there was no answer to his question.
Now RFC 7633 ("TLS Feature Extension",
https://tools.ietf.org/html/rfc7633, a.k.a. "Must Staple") has landed,
revocation is getting serious! I personally would like to embed all my
TLS certificates with the must-staple extension. The great project Let's
Encrypt already supports it:
https://github.com/letsencrypt/boulder/pull/1224
I'm aware most MTAs don't really care about the certificate, but big
players as Google take TLS encryption very seriously:
https://googleblog.blogspot.nl/2016/02/building-safer-web-for-everyone.html
So I would like to know if Dovecot is planning to feature OCSP stapling.
That way I know for sure my "must staple" certificates can be used by
Dovecot. And in my opinion, every TLS offering daemon should be up to
par to the capabilities of TLS.. Not lag behind :)
What's your opinion on this matter?
Thanks in advance for any anwser!
Greets, Osiris
More information about the dovecot
mailing list