Confirmed users, Administrators
5,526
edits
CA:ImprovingRevocation: Difference between revisions
Jump to navigation
Jump to search
→OCSP Must-Staple
| Line 206: | Line 206: | ||
=== OCSP Must-Staple === | === OCSP Must-Staple === | ||
Websites that implement Must-Staple will get Hard Fail Revocation. | Websites that implement OCSP Must-Staple will get Hard Fail Revocation. | ||
A website may use OCSP Must-Staple to mandate support for revocation checking via OCSP stapling. A site that tells clients that an OCSP status response will always be stapled enables the browser to immediately stop processing when the response is not stapled. | |||
[http://www.ietf.org/mail-archive/web/tls/current/msg10323.html IETF is working on a standardized must-staple mechanism], but it will be a long time before all CAs in our program have deployed that extension in all of the certificates they issue. | [http://www.ietf.org/mail-archive/web/tls/current/msg10323.html IETF is working on a standardized must-staple mechanism], but it will be a long time before all CAs in our program have deployed that extension in all of the certificates they issue. | ||
| Line 225: | Line 227: | ||
* Process Change: To be determined. | * Process Change: To be determined. | ||
=== ''Change Name'' === | === ''Change Name'' === | ||