OCSP stapling

OCSP stapling

Nikk
Hi all,

I'd like to ask your view about OCSP stapling in Postfix.
Do you think that it adds value for certificate revocation without overcomplicating the code and slowing down performance
(assuming that the stapling process and OCSP caching would be handled outside the scope of Postfix)?

Is it something that will be in the roadmap?

Many thanks,

Nik Kostaras

Team Leader


Re: OCSP stapling

Viktor Dukhovni


> On Nov 16, 2017, at 12:41 PM, Nik Kostaras <[hidden email]> wrote:
>
> Hi all,
>
> I'd like to ask your view about OCSP stapling in Postfix.
> Do you think that it adds value for certificate revocation without overcomplicating the code and slowing down performance
> (assuming that the stapling process and OCSP caching would be handled outside the scope of Postfix)?
>
> Is it something that will be in the roadmap?

I wasn't planning to support CRLs, OCSP or verifying stapled OCSP
in the Postfix SMTP client, nor OCSP stapling in the Postfix SMTP
server.  I think the general industry trend is away from these
mechanisms to short-lived certificates that largely obviate the
need for revocation...

--
        Viktor.

RE: OCSP stapling

Nikk
Thanks Viktor!

Regards,
Nik
