by Dylan16807 272 days ago
If you're willing to put in the effort to implement OCSP in the first place, why not take the couple percent extra time to add must-staple support? This seems like it would have been a very easy-to-solve chicken-and-egg problem.

Browsers and CAs did support `must-staple`. Then they decided to drop support for OCSP altogether, in part because not enough servers were using `must-staple` (or OCSP stapling at all).

As for server implementations: for most servers, sure, it isn't that much harder to use `must-staple` if you are already doing OCSP stapling. But most servers don't do the stapling at all, because there isn't a strong reason to, and you need to set up a system to periodically fetch and cache the OCSP responses, and whatever system you use to terminate TLS needs to support it.
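The "periodically fetch and cache" system the reply describes, as an added example that is not part of the thread and not any commenter's code. It is a small POSIX shell script built on the `openssl` CLI (assumed to be OpenSSL 1.1.1 or newer on PATH). All of the PKI material is constructed on the fly: a throwaway CA, a leaf certificate that carries the RFC 7633 TLS Feature (`status_request`, i.e. must-staple) extension, and a file-based responder signed by that CA standing in for the CA's real OCSP service. The script checks whether a cert asserts must-staple, fetches and caches a signed OCSP response, verifies the cached response, and refreshes it when it is missing, older than a configured age, or no longer verifies. The file names (`staple.der`, `staple.fetched`, `index.txt`) and the 1-hour refresh age are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the HN thread): an OCSP stapling fetch-and-cache
# loop on top of the openssl CLI. Assumes `openssl` (1.1.1+) on PATH. All
# keys, certs and the responder database below are constructed test data.
set -eu

# Build a test CA and a leaf cert with the TLS Feature (must-staple)
# extension plus an AIA OCSP URL, and write the index.txt that openssl's
# file-based responder uses to look up the leaf's revocation status.
make_test_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=TestCA \
        -addext basicConstraints=critical,CA:TRUE \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj /CN=example.test \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    printf '%s\n' \
        'tlsfeature = status_request' \
        'authorityInfoAccess = OCSP;URI:http://ocsp.example.test/' \
        'basicConstraints = CA:FALSE' > "$dir/leaf.ext"
    openssl x509 -req -days 1 -in "$dir/leaf.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -extfile "$dir/leaf.ext" \
        -out "$dir/leaf.crt" 2>/dev/null
    serial=$(openssl x509 -in "$dir/leaf.crt" -noout -serial | cut -d= -f2)
    # openssl CA database row: status, expiry, revocation date, serial, file, DN
    # (the expiry value is a constructed placeholder).
    printf 'V\t301231235959Z\t\t%s\tunknown\t/CN=example.test\n' "$serial" \
        > "$dir/index.txt"
}

# Exit 0 if the cert asserts must-staple (TLS Feature status_request).
cert_requires_staple() {
    openssl x509 -in "$1" -noout -text | grep -q 'status_request'
}

# Fetch a fresh OCSP response for leaf.crt and cache it as staple.der.
# The "fetch" is answered by openssl's file-based responder signed with the
# test CA; a real deployment sends the same request with -url to the
# responder named in the cert (openssl x509 -noout -ocsp_uri).
fetch_ocsp_staple() {
    dir=$1
    openssl ocsp -issuer "$dir/ca.crt" -cert "$dir/leaf.crt" -no_nonce \
        -reqout "$dir/req.der" >/dev/null 2>&1 || true
    [ -s "$dir/req.der" ] || return 1
    openssl ocsp -index "$dir/index.txt" -CA "$dir/ca.crt" \
        -rsigner "$dir/ca.crt" -rkey "$dir/ca.key" -ndays 7 \
        -reqin "$dir/req.der" -respout "$dir/staple.der" >/dev/null 2>&1 || true
    [ -s "$dir/staple.der" ] || return 1
    date +%s > "$dir/staple.fetched"
}

# Print the certificate status (good/revoked/unknown) from the cached
# staple; fail unless the response verifies against the CA.
staple_status() {
    dir=$1
    out=$(openssl ocsp -respin "$dir/staple.der" -issuer "$dir/ca.crt" \
        -cert "$dir/leaf.crt" -CAfile "$dir/ca.crt" -no_nonce 2>&1) || true
    printf '%s\n' "$out" | grep -q '^Response verify OK' || return 1
    printf '%s\n' "$out" | awk -F': ' '$1 ~ /leaf\.crt$/ { print $2; exit }'
}

# Refresh when the cache is missing, older than max_age seconds, or no
# longer verifies. Refreshing well inside the response's validity window is
# what keeps a must-staple site from hard-failing in clients that enforce
# the extension. Prints "refreshed" or "cached".
refresh_staple_if_stale() {
    dir=$1
    max_age=$2
    now=$(date +%s)
    fetched=$(cat "$dir/staple.fetched" 2>/dev/null || echo 0)
    if [ ! -f "$dir/staple.der" ] || [ $((now - fetched)) -ge "$max_age" ] \
        || [ "$(staple_status "$dir")" != "good" ]; then
        fetch_ocsp_staple "$dir"
        echo refreshed
    else
        echo cached
    fi
}

demo() {
    dir=$(mktemp -d)
    make_test_pki "$dir"
    cert_requires_staple "$dir/leaf.crt" && echo "leaf.crt asserts must-staple"
    refresh_staple_if_stale "$dir" 3600   # no cache yet: refreshed
    refresh_staple_if_stale "$dir" 3600   # within the hour: cached
    echo "staple status: $(staple_status "$dir")"
    rm -rf "$dir"
}
demo
```

The split into `fetch_ocsp_staple`, `staple_status` and `refresh_staple_if_stale` mirrors what a production stapling agent needs: a fetcher that talks to the AIA responder, a verifier that refuses to hand a bad or unsigned response to the TLS terminator, and a scheduler (cron, a timer, or the server's own stapling support) that re-runs the fetch before the cached response expires. The `status_request` check is the gate for the must-staple case: if it passes and the cache is empty or stale, serving the certificate without a staple is what enforcing clients would reject.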