http://bugs.exim.org/show_bug.cgi?id=1466
Summary: Support entire certificate chain for OCSP stapling
Product: Exim
Version: 4.82
Platform: All
OS/Version: All
Status: NEW
Severity: security
Priority: low
Component: TLS
AssignedTo: pdp@???
ReportedBy: jgh146exb@???
CC: exim-dev@???

The original OCSP RFC, 6066, provides for a single OCSP proof (for the server
certificate). A later RFC, https://www.ietf.org/rfc/rfc6961.txt, specifies a
TLS extension for multiple certificate status requests. We should consider
supporting it.

Concerns include the resulting size and overhead of the TLS startup; suggested
mitigation includes caching.

See also:
http://www.ietf.org/mail-archive/web/tls/current/msg09566.html
http://bugs.exim.org/show_bug.cgi?id=1459