Am 25.01.2017 um 12:14 schrieb Peter Lebbing: > On 25/01/17 09:52, Werner Koch wrote: >> OCSP is used as an alternative to CRLs and not directly related to >> privacy. > > The OP might have meant "OCSP Stapling" which includes the OCSP data in > the data sent by the webserver during TLS session setup. That way, the > OCSP data doesn't need to be fetched from an OCSP server, which would > leak the fact a certain website certificate is being verified to the > OCSP server.
Yes that is what I meant, sorry for the confusion. I think this might be relevant for some people who would prefer not to trigger unnecessary queries for privacy reasons. Anyways ssllabs shows a warning that the website will be degraded from A to C in a month. Not sure that matters all that much, but if there is an oppertunity to change the available ciphers at some point... _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
