Some information on performance is available here: http://ocspreport.x509labs.com/. You might be able to reach out to them and get the actual data related to number of failed responses.
Whether fails and speed are major issues depends on who you ask. Jeremy -----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert....@lists.mozilla.org] On Behalf Of simon.zer...@gmail.com Sent: Friday, August 1, 2014 4:12 AM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: New wiki page on certificate revocation plans Hi, I would really like to see some hard metrics on OSCP failures and SSL/TLS setup speed issues. I use FF a lot with OSCP hard fail enabled and I don't seem to see any hard fails. In addition my SSL/TLS sessions seems to be as quick to set up and responsive as ever. Where is the evidence that OSCP hard fails and these speed issues are actually a problem in the real world? It seems to be repeated that these are major issues, so if that is the case where are the metrics to demonstrate it? Many users such as myself are not happy about the way the Google Chrome project is moving away from best available security towards an incomplete and less secure CRLset method. If you wish to provide a CRLsets type feature that's fine but please don't remove OSCP hard fail. Security is far more important for many users that fractional speed improvements and the illusion of security. Kind Regards Simon Zerafa _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
