How to deploy Certificate Transparency via OCSP Stapling?


#1

How to deploy Certificate Transparency via OCSP Stapling?


#2

SCT delivery via OCSP is something that the CA (Let’s Encrypt) would have to do. I don’t think Let’s Encrypt plans to use this SCT delivery mechanism.

Let’s Encrypt has plans to embed SCTs in all certificates at some point before Google starts enforcing Certificate Transparency for newly-issued certificates in October.

In the meantime, you could start delivering SCTs through a TLS extension. Google’s CT homepage lists some of the options. That said, without an enforcement mechanism, this would not be all that useful just yet, so you might as well wait for Let’s Encrypt to take care of this for you once Chrome and other browsers start enforcing CT.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.