There are other differences:
CRL's can be big
An org might consider its CRL private info ("ooh look, Fred must have
gotten fired")
It's hard to *prove* you consulted a CRL; for OCSP use a hash of your
"real" document as the nonce, and save the response.
An OCSP responder can work off "faster" information than just the CA's CRL.
hope this helps.
/r$
--
Zolera Systems, http://www.zolera.com
Information Integrity, XML Security
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
