- From: Mark Nottingham <mnot@mnot.net>
- Date: Wed, 10 Jan 2018 13:53:40 +1100
- To: Spencer Dawkins <spencerdawkins.ietf@gmail.com>
- Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-origin-frame@ietf.org, Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>
Hi Spencer,

> On 9 Jan 2018, at 1:43 am, Spencer Dawkins <spencerdawkins.ietf@gmail.com> wrote:
>
> I don't object to publishing this document, but I do have an honest question.
> Is OCSP sufficiently robust and stable that you're expecting OCSP checks to
> work as a security mitigation?
>
> I remember some concerns about that in the SIP community, probably three years
> ago, and thought I should ask before the document is approved.

On the Web I think it's reasonable, when using OCSP stapling. Note that it's given as an example here; it's up to an implementation to decide what's appropriate.

Thanks,

--
Mark Nottingham https://www.mnot.net/
Received on Wednesday, 10 January 2018 02:54:13 UTC