Jean-Marc Desperrier wrote:
I rather agree about that problem description, I just don't understand why Ram declares that OCSP solves it. I tend to believe it can help in some situations, but make it worse in other, in fact make it worse for
In any case MS is turning OCSP on by default in their next version of windows, one of the problems with OCSP is the fact that if you can't verify a certificate it's assumed to be revoked, and while MS is planning to create some form of OCSP caching, I'm waiting to see how well it will work on a plane, or any other place where you have no connectivity...
Instead of waiting , why not contribute OCSP caching code to Mozilla / NSS ? See bugs 205406 and 48597 . It's been on our to-do list for years, just never a priority .
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
