AnsweredAssumed Answered

RFC-7633 for Must-Staple

Question asked by JY4iNIPqZaTp on Jan 30, 2017
Latest reply on Feb 8, 2017 by JY4iNIPqZaTp

Can you extend the "OCSP Must Staple" test similarly to the "DNS CAA" test,

by reading the server headers in addition to the certificate?

 

Example of server header:

Must-Staple max-age=31536000;includeSubDomains;

 

Ref. https://wiki.mozilla.org/CA:ImprovingRevocation#OCSP_Must-Staple

 

Thank you.

Outcomes