I am not OK with this. People want DoH/DoT because their ISP can monitor their browsing habits, and yet it is acceptable to leak every site one visits to a centralized OCSP responder? I do not believe so. I realize this is not the exact same threat model, rather just a piece of it, not to mention that protecting from ISPs also requires ESNI, which is not supported yet. Regardless, this is stagnation of technology.
The solution? Require all browsers and anything that acts like a browser to support OCSP stapling [1] and have an OCSP stapling flag day to encourage all website operators to enable OCSP stapling. Most load balancers and web servers support OCSP stapling and the most popular browsers already support it.
Pros and Cons linked below.
[1] - https://knowledge.digicert.com/quovadis/ssl-certificates/ssl...
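Added example, not part of the comment above: a small POSIX shell check for whether a server actually staples an OCSP response, which is the thing a site operator would want to verify after turning stapling on. It relies on the text that `openssl s_client -status` prints (the lines "OCSP Response Status: successful", "Cert Status: good"/"revoked" and "OCSP response: no response sent"); the two sample outputs embedded below are constructed and abridged so the classifier can be exercised offline, and the hostname handling in `check_host` is the only part that needs network access.

```shell
#!/bin/sh
# Example added by the editor; assumes the output format of
# `openssl s_client -status` (OpenSSL 1.1 / 3.x) described in the lead-in.

# Classify the text produced by `openssl s_client -status`.
# Prints one of:
#   stapled:good            a successful OCSP response was stapled, cert good
#   stapled:revoked         a response was stapled and it says revoked
#   stapled:unknown-status  a response was stapled but the status line is absent
#   not-stapled             the server sent no OCSP response
#   unknown                 output did not match either pattern (handshake failed?)
ocsp_stapling_status() {
  case "$1" in
    *"OCSP Response Status: successful"*)
      case "$1" in
        *"Cert Status: good"*)    echo "stapled:good" ;;
        *"Cert Status: revoked"*) echo "stapled:revoked" ;;
        *)                        echo "stapled:unknown-status" ;;
      esac ;;
    *"OCSP response: no response sent"*) echo "not-stapled" ;;
    *) echo "unknown" ;;
  esac
}

# Live check against a host on port 443 (needs network and openssl).
# -servername sends SNI so virtual hosts pick the right certificate;
# </dev/null closes stdin so s_client exits right after the handshake.
check_host() {
  out=$(openssl s_client -connect "$1:443" -servername "$1" -status </dev/null 2>/dev/null)
  ocsp_stapling_status "$out"
}

# Constructed sample outputs (abridged) mirroring what s_client prints.
SAMPLE_STAPLED='CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
======================================
---
Certificate chain'

SAMPLE_NOT_STAPLED='CONNECTED(00000003)
OCSP response: no response sent
---
Certificate chain'

# Usage: sh check_stapling.sh example.org
if [ $# -gt 0 ]; then
  check_host "$1"
fi
```

One caveat when reading a "not-stapled" result: servers such as nginx fetch the OCSP response lazily, so the first connection after a restart may not carry a staple even though `ssl_stapling on;` is configured; run the check twice before concluding stapling is off.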