Eddy Nigg wrote:
Having said that, CRLs depending on its size probably requires more
resources than an OCSP responder.
That depends very much on the deployment scenario. IMHO there's no general
rule whether CRL or OCSP gives better performance or uses less resources.
Ciao, Michael.
[Please follow-up to dev-security-policy -- which is where most things
having to do with CA and browser interaction policies are discussed.]
I'm trying to figure out how much of the OCSP slowness and server
underpowering is due to the sizes of the keys used, or limitations of
the HSMs (and
On 10/13/2009 11:26 PM, Kyle Hamilton:
I'm trying to figure out how much of the OCSP slowness and server
underpowering is due to the sizes of the keys used, or limitations of
the HSMs (and drivers) that these systems are using.
Kyle, it's a myth, there are CAs having very responsive OCSP
