by e12e 858 days ago
> "Denial of service" is never a security bug.

What about serving a certificate revocation list, with another system relying on, say, a one-day-old cache? (Sure, that's "fail open" - but still...).

Or proxying LDAP for sync to a central auth/authz system?

Ed: a proxy giving access to the logging system goes down - alerts on failed logins are silenced, disabling rate limits for brute-force attacks?

2 comments

Almost any bug in those kinds of systems is a potential security bug. Not having the service available at all is probably among the least critical types of bug that can happen.
AFAIK, mandatory OCSP is turned off by default. Exactly because it fails regularly. Try to turn it on and see how it goes.
For how long does it fail? Because I have not seen any availability issues with OCSP stapling (including must staple in the cert) using Let's Encrypt.
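The trade-off the thread circles around (a stale revocation cache under "fail open" versus a revocation-server outage under "fail closed") is easier to see in code. The following is an added illustration, not code from any commenter or from any real CRL/OCSP client; the `CRLSnapshot` type, the `check_revocation` policy function, the serial numbers and the timestamps are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Set

UTC = timezone.utc


@dataclass
class CRLSnapshot:
    """A CRL as the relying party sees it: revoked serials plus fetch time (constructed model)."""
    revoked: Set[int]
    fetched_at: datetime


def check_revocation(serial: int, now: datetime, fresh: Optional[CRLSnapshot],
                     cached: Optional[CRLSnapshot], max_age: timedelta,
                     fail_open: bool) -> str:
    """Return 'good', 'revoked' or 'unknown-reject' for one certificate serial.

    Preference order: a freshly fetched CRL, then a cached CRL no older than
    max_age, and only when neither is usable does the fail-open/fail-closed
    policy decide the outcome.
    """
    crl = fresh
    if crl is None and cached is not None and now - cached.fetched_at <= max_age:
        crl = cached  # stale but within tolerance: the revocation it missed stays missed
    if crl is None:
        # No revocation data at all: fail open accepts, fail closed rejects everything.
        return "good" if fail_open else "unknown-reject"
    return "revoked" if serial in crl.revoked else "good"


def scenario(fail_open: bool) -> Dict[str, str]:
    """Run the same three outages against a revoked and an unrevoked serial."""
    now = datetime(2024, 1, 2, 12, tzinfo=UTC)      # constructed clock
    revoked_serial, legit_serial = 0x42, 0x07        # constructed serials
    max_age = timedelta(days=1)
    # Cache taken yesterday, before 0x42 was revoked this morning.
    cached = CRLSnapshot(revoked=set(), fetched_at=now - timedelta(days=1))
    # What the CRL server would hand out right now, if reachable.
    fresh = CRLSnapshot(revoked={revoked_serial}, fetched_at=now)
    later = now + timedelta(hours=1)                 # cache is now 25h old, past max_age

    return {
        # 1. Server up: the fresh list knows about the revocation.
        "server_up": check_revocation(revoked_serial, now, fresh, cached, max_age, fail_open),
        # 2. Server down, one-day-old cache still accepted: revocation is missed either way.
        "server_down_cache_ok": check_revocation(revoked_serial, now, None, cached, max_age, fail_open),
        # 3. Server down and cache expired: policy decides for the revoked cert...
        "server_down_cache_expired": check_revocation(revoked_serial, later, None, cached, max_age, fail_open),
        # ...and for a perfectly valid cert, which fail-closed also turns away.
        "legit_server_down_expired": check_revocation(legit_serial, later, None, cached, max_age, fail_open),
    }


if __name__ == "__main__":
    for policy in (True, False):
        print("fail_open" if policy else "fail_closed", scenario(policy))
```

Case 2 is the situation the first comment describes: while the cached list is within tolerance, both policies accept a certificate that the CA revoked after the cache was taken, so the outage of the CRL service degrades security silently. Case 3 shows the price of closing that gap: once the cache ages out, fail-closed stops accepting every certificate, revoked or not, which is exactly the availability failure the later comments argue is rarely worth paying for.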