> * the status_request TLS extension doesn't provide a mechanism for stapling OCSP for intermediate certs. Nobody does this. There's a handful of reasons, but the end result is: nobody does this.
> So I think this is a big swirling mishmash of not-quite-compatible and not-quite-complete specs, especially as we think about TLS clients and servers that want to be interoperable with both TLS 1.2 and TLS 1.3.

Yes, there are many things that could be cleared out with a BCP doc. I would be interested in helping with that.