LW OCSP is DONE!

Well, it took a long time, but LW OCSP is finally done and has its RFC number: it's RFC 5019. This profile has been implemented by a number of products, including Vista and Windows Server 2008, and I sincerely believe its adoption will make the Internet a little safer.
 
For those who have never published a protocol through the IETF, this can be a painful process and can take years to complete, even after the specification itself is essentially complete. The scary thing is that this one is just a profile and in theory should have been fairly uncontroversial and therefore fairly quick to get through; unfortunately, that’s not the case.
 
In any event, I am very pleased to see this closed!
[Updated 9/25/2007 11:45AM PST]
I thought I would update the post with some more data. A little birdie told me that I should not be surprised to see LW OCSP supported in OpenSSL in the near future. This would bring support for this concept into mod_ssl (the most common SSL/TLS module for Apache) and thus ultimately Apache (and, for networking folks, many EAP-TLS, PEAP, and EAP-TTLS implementations).
 
This is particularly interesting in that, according to Netcraft, Apache has a 50.96% install base, with IIS following at 34.31%; together that comes to 85.27% penetration between these two products. I don’t have access to any data that suggests upgrade trends, so I can’t say how soon they would all be running LW OCSP/TLS stapling capable implementations, but there is certainly a point in the not so distant future where a significant majority of the web server infrastructure on the Internet is capable of taking advantage of these efforts.
 
Another relevant data point is that Verisign already supports LW OCSP in its responders and bakes OCSP pointers into all certificates it issues under the Verisign brand (50% of all of their sites according to Netcraft). Since Verisign is responsible for greater than 75% of all SSL/TLS certificates on the Internet when you account for their acquisition of GeoTrust (warning PDF link), we are well on our way to seeing very broad support of these technologies.
[Update 9/26/2007 3:33PM PST]
I just ran across a blog post talking about the project the little Birdie told me about, see: http://hecker.org/mozilla/foundation-activities-2007-08-31.trackback

 

Posted on Tuesday, September 25, 2007 10:14 AM
