From a1f672e7b93a77960b1d58d39a627827a974031c Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Mon, 29 Mar 2021 15:23:28 -0400
Subject: [PATCH] move unimportant OCSP stapling feature

---
 static/features.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/static/features.html b/static/features.html
index 0e8afb1e..8c9a6617 100644
--- a/static/features.html
+++ b/static/features.html
@@ -212,7 +212,6 @@
                     <li>Authenticated encryption for all of our services</li>
                     <li>Strong cipher configurations for all of our services (SSH, TLS, etc.) with
                     only modern AEAD ciphers providing forward secrecy</li>
-                    <li>Our web services use robust OCSP stapling with Must-Staple</li>
                     <li>Our web sites do not include any third party content and entirely forbid
                     it via strict Content Security Policy rules</li>
                     <li>Our web sites disable referrer headers to maximize privacy</li>
@@ -229,6 +228,7 @@
                     when sending mail including alert messages from the attestation service</li>
                     <li>SSHFP across all domains for pinning SSH keys</li>
                     <li>Static key pinning for our services in apps like Auditor</li>
+                    <li>Our web services use robust OCSP stapling with Must-Staple</li>
                     <li>No persistent cookies or similar client-side state for anything other than
                     login sessions, which are set up via SameSite=strict cookies and have
                     server-side session tracking with the ability to log out of other