Re: Netcraft blog, violations of CABF Baseline Requirements, any consequences?

2013-10-25 Thread Brian Smith
On Fri, Oct 25, 2013 at 1:47 PM, Rick Andrews wrote:
> I agree with Jeremy that there are security benefits to revocation checking,
> even without hard-fail, and that they are not illusions. If a CA can serve an
> OCSP response to a browser before the browser gives up, the user may be
> alerted

Re: Netcraft blog, violations of CABF Baseline Requirements, any consequences?

2013-10-25 Thread Eddy Nigg
On 10/25/2013 11:47 PM, From Rick Andrews: A number of CAs have been actively working to improve the performance of their CA infrastructures, and have made significant improvements. For reference: https://revocation-report.x509labs.com/ ( just that the cert expired there :-) ) -- Regards

Re: Netcraft blog, violations of CABF Baseline Requirements, any consequences?

2013-10-25 Thread Rick Andrews
> Yes, surely only someone insidious and evil and who hates Freedom would > > ever support such a security-hostile idea as a 1-4KB OCSP response, > > rather than a 50MB CRL. It's likely that the Legion of Cryptographic Doom > > have compromised OCSP, likely using the World Bank to infiltrate t