gnupg website

Peter Lebbing peter at digitalbrains.com
Wed Jan 25 12:14:53 CET 2017


On 25/01/17 09:52, Werner Koch wrote:
> OCSP is used as an alternative to CRLs and not directly related to
> privacy.

The OP might have meant "OCSP Stapling" which includes the OCSP data in
the data sent by the webserver during TLS session setup. That way, the
OCSP data doesn't need to be fetched from an OCSP server, which would
leak the fact a certain website certificate is being verified to the
OCSP server.

OCSP (without stapling) is already possible for the gnupg.org website
certificate:

>                 Authority Information Access (not critical):
>                         Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
>                         Access Location URI: http://crt.usertrust.com/GandiStandardSSLCA2.crt
>                         Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
>                         Access Location URI: http://ocsp.usertrust.com

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


