Implementation of TLS OCSP Stapling
Stephan Bosch
stephan at rename-it.nl
Thu Mar 3 12:23:47 UTC 2016
Op 3-3-2016 om 13:04 schreef A. Schulze:
>
> dovecot:
>
>> So I would like to know if Dovecot is planning to feature OCSP stapling.
>> That way I know for sure my "must staple" certificates can be used by
>> Dovecot. And in my opinion, every TLS offering daemon should be up to
>> par to the capabilities of TLS.. Not lag behind :)
>>
>> What's your opinion on this matter?
>
> OCSP stapling [c|s]hould be implemented on a server if clients *use*
> that data.
> For WebBrowser this is true.
>
> But I'm not aware of any MUA or MTA that validate certificates via OCSP.
OCSP stapling [c|s]hould be implemented on a client if servers *provide*
that data.
So, who's going to be first... the chicken or the egg? :)
Regards,
Stephan.
More information about the dovecot
mailing list