You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/07/02 22:23:17 UTC

[Bug 50740] Enable OCSP Stapling by default

https://issues.apache.org/bugzilla/show_bug.cgi?id=50740

Ben Wilson <be...@digicert.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ben@digicert.com

--- Comment #19 from Ben Wilson <be...@digicert.com> ---
The Importance of this bug/enhancement needs to be elevated.  It has been over
three years since this was submitted. Current statistics from NetCraft show
that 98% of Apache boxes do not use stapling, whereas 98% of Microsoft boxes
use stapling. The differentiator is whether stapling is on or off by
default--IIS uses OCSP stapling by default. From a policy perspective, OCSP
Stapling is superior for privacy-enhancing and performance reasons because
clients do not have to seek a response from a third party - it comes directly
from the server, which is why it is also a more efficient mechanism. Also, all
major browser platforms support stapling, it is provided in mod-ssl, and
because of these reasons, the number of demands for OCSP stapling
"out-of-the-box" are likely to grow substantially over the next several months.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org