> On Nov 16, 2017, at 12:41 PM, Nik Kostaras <
[hidden email]> wrote:
>
> Hi all,
>
> I'd like to ask your view about OCSP Stapling in postfix.
> Do you think that it adds value for certificate revocation without overcomplicating the code and slowing down the performance
> (assuming that the stapling process and OCSP caching would be handled outside the scope of postfix)
>
> Is it something that will be in the roadmap?
I wasn't planning to support CRLs, OCSP or verifying stapled OCSP
in the Postfix SMTP client, nor OCSP stapling in the Postfix SMTP
server. I think the general industry trend is away from these
mechanisms to short-lived certificates that largely obviate the
need for revocation...
--
Viktor.