You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As we move towards dropping OCSP support, we have to drop support for Must-Staple as well. We want to do so in a graceful way, by first blocking that extension for folks who have never used Must-Staple in the past, and only dropping support at the last minute for those who have been actively using it.
To that end, the RA (probably; maybe the CA) needs to grow a new config field which can load an allow-list of accounts which can request the Must-Staple extension, and logic to reject finalize requests from accounts not on that allow-list.
The text was updated successfully, but these errors were encountered:
As we move towards dropping OCSP support, we have to drop support for Must-Staple as well. We want to do so in a graceful way, by first blocking that extension for folks who have never used Must-Staple in the past, and only dropping support at the last minute for those who have been actively using it.
We announced this plan here: https://letsencrypt.org/2024/12/05/ending-ocsp/#must-staple
To that end, the RA (probably; maybe the CA) needs to grow a new config field which can load an allow-list of accounts which can request the Must-Staple extension, and logic to reject finalize requests from accounts not on that allow-list.
The text was updated successfully, but these errors were encountered: