-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request for OCSP Stapling #499
Comments
Despite the above, it looks like SSL Labs is still saying we don't have OCSP stapling enabled? I found an AWS Developer Forum Thread where they point to the the docs on OCSP stapling posted above as an answer to why someone did not see OCSP stapling. |
From Amazon's docs on OCSP stapling:
So it looks like the servers in edge locations will only have OCSP stapling enabled when they receive multiple requests from a client over some period of time. |
@konklone given the info ^^, should we leave this open? Seems like it should be closed unless we want off CloudFront |
Let's close it and re-open if it emerges as a more significant issue later. |
However, note that if Federalist ever needs to explicitly discuss the third parties that might receive data about visitors to Federalist sites, the certificate authority will need to be listed as a potential third party that will get pinged. One of the benefits of OCSP stapling is that it removes this data sharing. |
kk, I'm going to move this to our icebox but leave it open |
Closing; can reopen if ever asked. |
Per 18F/18f.gsa.gov#292
The text was updated successfully, but these errors were encountered: