Implementation of TLS OCSP Stapling

Stephan Bosch stephan at rename-it.nl
Thu Mar 3 12:30:15 UTC 2016



Op 3-3-2016 om 13:04 schreef A. Schulze:
>
> dovecot:
>
>> So I would like to know if Dovecot is planning to feature OCSP stapling.
>> That way I know for sure my "must staple" certificates can be used by
>> Dovecot. And in my opinion, every TLS offering daemon should be up to
>> par to the capabilities of TLS.. Not lag behind :)
>>
>> What's your opinion on this matter?
>
> OCSP stapling [c|s]hould be implemented on a server if clients *use* 
> that data.
> For WebBrowser this is true.
>
> But I'm not aware of any MUA or MTA that validate certificates via OCSP.

BTW, I can imagine that Thunderbird can already do that, as it shares 
much of the Firefox code base. At least it should be relatively easy to 
add/enable there.

Regards,

Stephan.





More information about the dovecot mailing list