This came up as a result of https://www.digicert.com/support/certificate-revocation-incident
Does ATS check revocation status of origin certificates? If not, should it be a configuration setting to do so?
Regarding which method to use, this recent post from Let's Encrypt indicates that OCSP (not stapling) is on the way out and CRLs are in fashion again: https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html