On Tue, Jan 9, 2018 at 6:53 PM, Mark Nottingham <mnot@mnot.net> wrote: > Hi Spencer, > > > On 9 Jan 2018, at 1:43 am, Spencer Dawkins < > spencerdawkins.ietf@gmail.com> wrote: > > > > I don't object to publishing this document, but I do have an honest > question. > > Is OCSP sufficiently robust and stable that you're expecting OCSP checks > to > > work as a security mitigation? > > > > I remember some concerns about that in the SIP community, probably three > years > > ago, and thought I should ask before the document is approved. > > On the Web I think it's reasonable, when using OCSP stapling. Note that > it's given as an example here; it's up to an implementation to decide > what's appropriate. > Well, it's potentially reasonable with MUST STAPLE, though the exposure window is pretty long -Ekr > > Thanks, > > -- > Mark Nottingham https://www.mnot.net/ > >
Received on Wednesday, 10 January 2018 03:22:26 UTC