
7 May 2014, 4:14 p.m.
On 8/05/2014 1:13 AM, Russell Coker wrote:
> https://www.imperialviolet.org/2014/04/19/revchecking.html
> The above URL has an article describing the problems with revocation checks.
Not a bad article, but if servers can set up OCSP checks much more quickly than 3 days. If the certs had a MUST STAPLE flag and the server itself checks OCSP much more frequently, then the stapled reference could be good for an hour or two -- it doesn't have to be 3 days.

The trouble is, I believe, today there is no option in certs to make stapling compulsory.

Cheers
A.