The gain is in the potential to notice revocations sooner with OCSP, CRL might have a 7 day TTL/cache time-out, in 7 days a lot of "issues" can arise, so being about to check OCSP hourly or even more often has the potential to notify you that something is a miss much sooner...
If you follow the discussion, Ram says we'll have a *bandwitdh* issue with CRL.
_______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
