Good idea. It’s also a best practice as defined in the recent BCP document (bottom of section 6.5 of RFC 7525).

Yoav

> On 1 Aug 2016, at 9:58 PM, Glen <glen@xxxxxxxx> wrote:
>
> Dear IETF Community:
>
> At IETF-Action, we received the following request:
>
>> Currently I cannot view anything on the IETF website because your
>> certificate authority's OCSP server is down and I cannot verify that
>> the certificate has not been revoked.
>> Please enable OCSP stapling on your webservers so that in the future
>> your availability in browsers that require OCSP checks (Firefox with
>> strict revocation checks enabled in my case) can still access your
>> site without it being dependent on your CA's OCSP service.
>
> I have referred this matter to the TMC, and they have asked me to
> refer this out to the community.
>
> Absent any objections to this, we will enable OCSP Stapling as
> requested later this week. If there are any objections or comments,
> please make them known on this list for community debate. (Although I
> don't normally follow the IETF list, I will be doing so for the
> duration of the discussion.)
>
> Thank you for your review of this matter!
>
> Glen
> Glen Barney
> IT Director
> AMS (IETF Secretariat)
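
One way to confirm that a server is stapling once the change is made, as an added example that is not part of the original thread: the script classifies the OCSP section that `openssl s_client -status` prints. The function names `classify_staple` and `check_host` are hypothetical, and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the OCSP stapling section of
# `openssl s_client -status` output read on stdin.
# Prints: stapled-good | stapled-revoked | stapled-unknown |
#         stapled-error | no-staple | no-ocsp-section
classify_staple() {
    awk '
        /OCSP response: no response sent/ { state = "no-staple" }
        # A staple whose responder status is not "successful"
        # (e.g. tryLater) gives the client nothing to rely on.
        /OCSP Response Status:/ && $0 !~ /successful/ { state = "stapled-error" }
        /Cert Status:/ && state == "" {
            if ($0 ~ /good/)         state = "stapled-good"
            else if ($0 ~ /revoked/) state = "stapled-revoked"
            else                     state = "stapled-unknown"
        }
        END {
            if (state == "") state = "no-ocsp-section"
            print state
        }
    '
}

# Live check against a host on port 443 (needs network access).
# Usage: check_host www.example.org
check_host() {
    openssl s_client -connect "$1:443" -servername "$1" -status \
        </dev/null 2>/dev/null | classify_staple
}

# Constructed sample: handshake output from a server that staples.
sample_stapled() {
cat <<'EOF'
CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Aug  1 12:00:00 2016 GMT
    Next Update: Aug  8 12:00:00 2016 GMT
EOF
}

# Constructed sample: handshake output from a server that does not staple.
sample_unstapled() {
cat <<'EOF'
CONNECTED(00000003)
OCSP response: no response sent
EOF
}
```

A `no-staple` result means a client with strict revocation checking still has to reach the CA's OCSP responder itself, which is the dependency the request asks to remove.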