- From: Daniel Stenberg <daniel@haxx.se>
- Date: Fri, 4 Sep 2020 09:23:10 +0200 (CEST)
- To: Stefan Eissing <stefan.eissing@greenbytes.de>
- cc: Eric J Bowman <mellowmutt@zoho.com>, Willy Tarreau <w@1wt.eu>, Ietf Http Wg <ietf-http-wg@w3.org>
On Fri, 4 Sep 2020, Stefan Eissing wrote: > Many existing OCSP clients in servers (*cough*), use HTTP/1.0 to staple > certificates. I have no data from the IoT devices of the world, but I would > suspect many of them will do as well. On "IoT devices", meaning things that are smaller than what can comfortably run Linux, "HTTP(S) clients" are often the RTOS vendor's 100 lines of C code without error checks full of dirty assumptions which can only be considered HTTP/1.0 at best... Luckily, such devices often use a specific subset of servers for particular purposes so most of those won't randomly go using servers "in the wild". -- / daniel.haxx.se
Received on Friday, 4 September 2020 07:23:49 UTC