> OCSP provides almost instant information about the validity of a > certificate...
This depends on the OCSP implementation; the use of OCSP does not automatically equate to 'real-time' or (in some cases) even 'moderately-close-to-real-time' certificate status. If the responder is referencing a CRL for status info, the data will only be as fresh as the CRL it references. Personally, I don't agree with such implementations of OCSP...but they do exist. Cheers, Bill _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
