On 7/10/23 21:47, Sean Gallagher wrote:
While I am always for security improvements, the utility of this unclear. I will ABSTAIN from this poll.
Presently, any system administrator who intends to issue must-staple certificates, faces the dilemma to either chose to
a) Refrain from issuing must-staple certificates at all, resulting in the loss of a valuable security feature. b) Issue must-staple certificates without an OCSP response in Dovecot, thereby breaking the TLS RFC (and “hope for the best” on the client side…).
or c) use must-staple on a host-by-host basis
I am not using must-staple ... but I have haproxy stapling OCSP for any tcp/443 or udp/443 connection. I do not have any other endpoint (like submission, smtp, imap, etc) doing stapling, but I would like that to be possible.
For those who don't know about it ... OCSP stapling makes the TLS handshake faster because the client does not need to make a separate outgoing OCSP request (which may be quite slow) to verify that the server certificate hasn't been revoked. The stapled OCSP response is signed by the CA and has a very short lifetime, so forging a response is difficult.
Question) Do any popular email user agents validate an OCSP response if stapled? (gut feeling is MAYBE/NO)
Question) Do any query an OCSP server if the OCSP response is not stapled? (gut feeling is NO)
Browsers definitely do validate OCSP and make a query if the OCSP response isn't stapled. I have no idea whether that's done in the browser or the TLS library. If it's in the TLS library (openssl being the most prevalent example), then it is at least POSSIBLE for dovecot and other server software to do it.
Question) Has OCSP really got a future? (gut feeling - a few years at least)
OCSP is something I have been hearing about for quite a while. I think it's probably going to stick around.
Thanks, Shawn