EV certificates require OCSP: Section 26-A of the issuing criteria requires CAs ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mikemaccana on Dec 22, 2015 \| parent \| context \| favorite \| on: What web developers should know about SSL EV certificates require OCSP: Section 26-A of the issuing criteria requires CAs to support OCSP checking for all certificates issued after Dec. 31, 2010. However as the other poster notes, OCSP stapling includes recent proof that the cert hasn't been revoked the initial handshake, removing additional round trips. See https://en.wikipedia.org/wiki/OCSP_stapling

mikemaccana on Dec 22, 2015 [–]

I should add: OCSP is the baseline requirements, ie. DV SSL certs will also need to support OCSP checking. See https://cabforum.org/wp-content/uploads/Baseline_Requirement...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact