Michael Ströder wrote:
Nelson Bolyard wrote:
OCSP stapling allows a TLS server to send a copy of a recent OCSP
response (issued by the issuer of that server's cert) along with the
cert in the TLS handshake, thereby saving the client extra connections
and extra round trips. It reduces load on
Nelson Bolyard wrote:
> OCSP stapling allows a TLS server to send a copy of a recent OCSP
> response (issued by the issuer of that server's cert) along with the
> cert in the TLS handshake, thereby saving the client extra connections
> and extra round trips. It reduces load on OCSP responders.
Ah
Michael Ströder wrote, On 2009-01-15 08:23:
> Johnathan Nightingale wrote:
>> You may also be interested in the work on OCSP-stapling, so that no
>> third party learns about your browsing, but you still get a CA-signed
>> OCSP response. The CAs are interested in this too, since it takes the
>>
Johnathan Nightingale wrote:
> On 9-Jan-09, at 9:38 AM, Michael Ströder wrote:
>> Can OCSP still be disabled? Personally I have strong privacy concerns
>> since when checking for a server cert via OCSP the OCSP responder knows
>> which server you try to access (because the FQDN is in the server cer
On 9-Jan-09, at 9:38 AM, Michael Ströder wrote:
Johnathan Nightingale wrote:
To give you a
somewhat recent example, we were strong proponents of mandatory OCSP
support by 2010 because we think it's better for the health of the net
to have high-availability revocation information available fo
Johnathan Nightingale wrote:
> To give you a
> somewhat recent example, we were strong proponents of mandatory OCSP
> support by 2010 because we think it's better for the health of the net
> to have high-availability revocation information available for
> high-assurance certs, despite the arguments