On 10/12/2009 12:13 PM, Rob Stradling:
Comodo's OCSP Responder infrastructure handles many hundreds of OCSP requests per second. We are confident that our current servers could easily handle several times as much traffic, and we can easily add more servers when we need to increase the capacity still further.
I think StartCom is in a similar situation. As increase in demand doesn't happen usually over night, correct assessments should guaranty proper functioning and adequate allocation of the resources. Obviously it's a far cry compared to a non-working, non-accessible and non-existing advertised OCSP URI.
VeriSign claim to handle over one billion OCSP requests per day. If their servers are "woefully underpowered", surely we'd have heard about it by now!? Perhaps the time has come for the browsers to "force" all of the other CAs to take their OCSP responsibility seriously, by requiring OCSP by default.
Amen!
That CA clearly fell short of this requirement.
I don't think this CA issues EV certificates. Which is perhaps we one can draw a difference also regarding regular certificates as well.
-- Regards Signer: Eddy Nigg, StartCom Ltd. XMPP: start...@startcom.org Blog: http://blog.startcom.org/ Twitter: http://twitter.com/eddy_nigg _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security