Hi Michael,
Absolutely, the text which Joe sent (with subject Consensus Call on OCSP
usage), and which I re-iterated in my email is only saying that OCSP stapling
is mandatory to implement on the server. Clients SHOULD implement and use it
but of course they are free not do so.
However, you su
Mohit Sethi M wrote:
> So we were already saying "SHOULD" for OCSP in 2008 when RFC 5216 was
> published. And now 12/13 years later, some people in the working group
> are suggesting to make the security stance weaker. For what? Some
> speculative insecure future deployments? Plea
