Re: Spencer Dawkins' No Objection on draft-ietf-httpbis-origin-frame-04: (with COMMENT)

Hi Spencer,

> On 9 Jan 2018, at 1:43 am, Spencer Dawkins <> wrote:
> I don't object to publishing this document, but I do have an honest question.
> Is OCSP sufficiently robust and stable that you're expecting OCSP checks to
> work as a security mitigation?
> I remember some concerns about that in the SIP community, probably three years
> ago, and thought I should ask before the document is approved.

On the Web I think it's reasonable, when using OCSP stapling. Note that it's given as an example here; it's up to an implementation to decide what's appropriate.


Mark Nottingham

Received on Wednesday, 10 January 2018 02:54:13 UTC