On 03-03-16 14:23, Gedalya wrote:
> On 03/03/2016 08:17 AM, dovecot@flut.demon.nl wrote:
>> On 03-03-16 14:09, Gedalya wrote:
>>> On 03/03/2016 07:30 AM, Stephan Bosch wrote:
>>>> BTW, I can imagine that Thunderbird can already do that, as it shares much of the Firefox code base.
>>> Thunderbird definitely does validate certificates via OCSP, enabled by default and I've run into that the hard way a couple of times wrt StartSSL having issues with their responder. This isn't hypothetical, guys....
>> OCSP status querying isn't the same as verifying stapled OCSP responses though. Can't find Thunderbird's support for stapling unfortunately..
> No, it's not the same, but the claim was no use of OCSP at all. Either way, this guy claims Thunderbird uses stapling, but with HTTP? http://mobilesociety.typepad.com/mobile_life/2015/03/ocsp-stapling-and-andro... As Stephan pointed out, it's the same code base as Firefox. If someone can name an IMAP server that supports stapling, we could test it.

Hmm, that article does mention the request of OCSP status during the TLS session handshake and I can confirm this on my own Thunderbird: the ClientHello handshake part *does* include a "status_request" extension of the type OCSP.
So we can assure Andreas there're clients out there who use it :)
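
One way to check a captured ClientHello for the "status_request" extension discussed in this thread, as an added example that is not part of the original messages. The function names are hypothetical, the sample handshake bytes are constructed, and the parser assumes the ClientHello arrives in a single unfragmented TLS record.

```python
import struct

STATUS_REQUEST = 5   # extension type "status_request" (RFC 6066)
OCSP = 1             # CertificateStatusType "ocsp"

def build_client_hello(extensions):
    """Constructed sample: a minimal TLS 1.2 ClientHello record."""
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (b"\x03\x03" + bytes(32)                # client version, random
            + b"\x00"                              # empty session id
            + struct.pack("!H", 2) + b"\xc0\x2f"   # one cipher suite
            + b"\x01\x00"                          # null compression only
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_extensions(record):
    """Return {extension_type: data} from a single-record ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs_len = int.from_bytes(record[6:9], "big")
    if rec_len != len(record) - 5 or hs_len != rec_len - 4:
        raise ValueError("truncated or fragmented record")
    pos = 9 + 2 + 32                               # skip version and random
    pos += 1 + record[pos]                         # session id
    pos += 2 + struct.unpack("!H", record[pos:pos + 2])[0]  # cipher suites
    pos += 1 + record[pos]                         # compression methods
    exts = {}
    if pos == len(record):                         # extensions are optional
        return exts
    end = pos + 2 + struct.unpack("!H", record[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", record[pos:pos + 4])
        exts[ext_type] = record[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
    return exts

def requests_stapled_ocsp(record):
    """True if the client asks the server to staple an OCSP response."""
    data = parse_extensions(record).get(STATUS_REQUEST)
    return bool(data) and data[0] == OCSP

if __name__ == "__main__":
    # status_request body: type ocsp, empty responder list, empty extensions
    hello = build_client_hello([(STATUS_REQUEST, b"\x01\x00\x00\x00\x00")])
    print("client requests stapling:", requests_stapled_ocsp(hello))
```

A client that sends this extension has only asked for a stapled response; whether it verifies what the server staples is a separate question, as noted earlier in the thread.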