Seems like a lot of anecdotes are being shared with respect to hard fail without a lot of data. Do the browsers have more data on this? Considering the X.509 labs shows nearly 100% availability with response times of about 100 ms, data showing in-depth info on failure rates (and the reasons why) would help drive the discussion in a productive direction.
Jeremy -----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert....@lists.mozilla.org] On Behalf Of Matthias Hunstock Sent: Monday, August 4, 2014 2:35 AM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: New wiki page on certificate revocation plans Am 01.08.2014 12:11, schrieb simon.zer...@gmail.com: > Where is the evidence that OSCP hard fails and these speed issues are > actually a problem in the real world? Try it on a site with an unknown issuer. The handshake takes at least 30 seconds longer, because thats the time you need to turn off hard fail in the browser UI. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
