Re: [Emu] Moving towards less security in 2020 - OCSP

2020-11-01 Thread Mohit Sethi M
Hi Michael, Absolutely, the text which Joe sent (with subject Consensus Call on OCSP usage), and which I re-iterated in my email is only saying that OCSP stapling is mandatory to implement on the server. Clients SHOULD implement and use it but of course they are free not to do so. However, you su

Re: [Emu] Moving towards less security in 2020 - OCSP

2020-11-01 Thread Michael Richardson
Mohit Sethi M wrote: > So we were already saying "SHOULD" for OCSP in 2008 when RFC 5216 was > published. And now 12/13 years later, some people in the working group > are suggesting to make the security stance weaker. For what? Some > speculative insecure future deployments? Plea

[Emu] Moving towards less security in 2020 - OCSP

2020-10-31 Thread Mohit Sethi M
Dear all, Sorry for the radio silence. I have over-committed myself to too many things. I think I have now read the entire discussion on OCSP. EAP-TLS with TLS 1.3 is a working group document so the text will reflect whatever the working group wants. The authors and contributors are at the ser