On 03/03/2016 08:17 AM, dovecot@flut.demon.nl wrote:
On 03/03/2016 07:30 AM, Stephan Bosch wrote:
BTW, I can imagine that Thunderbird can already do that, as it shares much of the Firefox code base. Thunderbird definitely does validate certificates via OCSP, enabled by default and I've run into that the hard way a couple of times wrt StartSSL having issues with their responder. This isn't hypothetical, guys.... OCSP status querying isn't the same as verifying stapled OCSP responses
On 03-03-16 14:09, Gedalya wrote: though. Can't find Thunderbird's support for stapling unfortunately.. No, it's not the same, but the claim was no use of OCSP at all. Either way, this guy claims Thunderbird uses stapling, but with HTTP? http://mobilesociety.typepad.com/mobile_life/2015/03/ocsp-stapling-and-andro... As Stephan pointed out, it's the same code base as Firefox. If someone can name an IMAP server that supports stapling, we could test it.