undefined | Better HN

0 pointse12e2y ago0 comments

> "Denial of service" is never a security bug.

What about serving certificate revocation list, with another system relying on say one day old cache? (Sure, that's "fail open" - but still...).

Or proxying LDAP for sync to a central auth/authz system?

Ed: proxy giving access to logging system goes down - alert on failed logins silenced, disabling rate limits for brute force attacks?

0 comments

arp2422y ago

Almost any bug in those kind of systems are potential security bugs. Not having the service available at all is probably among the least critical type of bug that can happen.

GoblinSlayer2y ago

AFAIK, mandatory OCSP is turned off by default. Exactly because it fails regularly. Try to turn it on and see how it goes.

account422y ago

For how long does it fail? Because I have not seen any availability issues with OCSP stapling (including must staple in the cert) using Let's Encrypt.

j / k navigate · click thread line to collapse