Hi all,
About a year ago, Torsten already asked for OCSP stapling (http://dovecot.org/pipermail/dovecot/2015-April/100632.html).
Unfortunately, there was no answer to his question.
Now that RFC 7633 ("TLS Feature Extension", https://tools.ietf.org/html/rfc7633, a.k.a. "Must Staple") has landed, revocation is getting serious! I personally would like to embed all my TLS certificates with the must-staple extension. The great project Let's Encrypt already supports it: https://github.com/letsencrypt/boulder/pull/1224
I'm aware most MTAs don't really care about the certificate, but big players such as Google take TLS encryption very seriously: https://googleblog.blogspot.nl/2016/02/building-safer-web-for-everyone.html
So I would like to know if Dovecot is planning to feature OCSP stapling. That way I know for sure my "must staple" certificates can be used by Dovecot. And in my opinion, every TLS-offering daemon should be up to par with the capabilities of TLS, not lag behind :)
What's your opinion on this matter?
Thanks in advance for any answer!
Greets, Osiris