VS: Re: Implementation of TLS OCSP Stapling

Aki Tuomi aki.tuomi at dovecot.fi
Sun Mar 6 09:09:42 UTC 2016


Luckily ocsp stapling is an SSL extension and clients not supporting it won't be asking for it either.
---Aki TuomiDovecot oy
-------- Alkuperäinen viesti --------Lähettäjä: Andrew McGlashan <andrew.mcglashan at affinityvision.com.au> Päivämäärä: 6.3.2016  10.36  (GMT+02:00) Saaja: dovecot at dovecot.org Aihe: Re: Implementation of TLS OCSP Stapling 

On 3/03/2016 11:58 PM, aki.tuomi at dovecot.fi wrote:
> We will take this feature under consideration and see if it can be implemented
> in future release. Thank you for your suggestion!

As much as I hate Outlook (Look Out!), there are loads of people using
really old versions; 2003 is no longer supported, but loads of people
use 2007.  Thunderbird can be expected to be far more up to date.

Implementing features to work with older clients will always be a problem.

Just a simple example, almost unrelated here, but this is either wrong
by TB or wrong by Outlook (versions 2007, 2010 and 2013 that I know of).

When the IMAP server sends a message, OL will pop up a window that
requires the user to acknowledge the message via a popup.  TB just pops
up the message in the normal 'new mail' notify if that is configured and
it might be lost if notify isn't set to show.

Either way, the implementation is different b/w the two client products.
 Is OL right or is TB right... IMAP doco says that the message should be
made to be acknowledged by the client; OL's version can't easily be
ignored or missed, but TB's can easily be missed.  But TB's
implementation is more user friendly if the server wants to keep sending
messages from time to time.  I considered using this for MOTD type stuff
and maybe random inspirational or motivational messages; even to remind
or inform users to do certain things [one example in the dovecot wiki is
to advise that the vacation message is still active].  A TB notification
is next to harmless, but an OL one needs to be acknowledged every time,
which would be very painful.


Anyway, the point is that if a feature is added for OCSP stabling
support, you couldn't really expect older versions of Look Out to comply
with it (even though M$ could patch it easily, they care less about
older versions than getting people to subscribe to Office 365 these days).

Cheers
A.


More information about the dovecot mailing list