trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Schaumann <jscha...@netmeister.org>
Subject Certificate Transparency / Expect-CT
Date Tue, 07 Nov 2017 14:58:57 GMT
Hi,

I'm looking for information about in how far ATS supports Certificate
Transparency and the Expect-CT header.

My understanding is that a web server can provide the Signed Certificate
Timestamps (SCTs) -- if they are not embedded in the certificate via an
x509 extension by the CA -- either via a TLS extension or via OCSP
stapling.

I know that ATS can enable OCSP stapling, but I don't know whether that
requires additional settings to include the SCTs, nor do I know the
status of using the TLS extension in ATS.

Does anybody here know if this is available in ATS?

Related to this: is there work to add a simple configuration setting to
set the 'Expect-CT' header?  I'd think it'd make sense to have that be
configurable similar to the way HSTS is enabled in ATS.

Thanks in advance for any pointers on this,
-Jan

Mime
View raw message