On 10/13/2009 11:26 PM, Kyle Hamilton:
> I'm trying to figure out how much of the OCSP slowness and server underpowering is due to the sizes of the keys used, or limitations of the HSMs (and drivers) that these systems are using.
Kyle, it's a myth, there are CAs having very responsive OCSP responders out there... Verisign claims one billion responses per day, I know that StartCom pushes out Gigabytes of responses per day and Comodo probably a couple more. It works and OCSP is meant to be fast, not slow. Being a tool to provide ONLINE and instant information as compared to CRLs with their lag.
Having said that, CRLs, depending on their size, probably require more resources than an OCSP responder.
--
Regards

Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security