Firefox 31 data: on desktop the median successful OCSP validation took 261ms, and the 95th percentile (looking at just the universe of successful ones) was over 1300ms. 9% of all OCSP requests on desktop timed out completely and aren't counted in those numbers.
on mobile the median successful validation was 372ms with the 95th percentile over 1500ms. 20% of all requests on mobile timed out completely and aren't counted in those numbers. OCSP is brutally painful. On Mon, Aug 4, 2014 at 11:19 AM, Jeremy Rowley <jeremy.row...@digicert.com> wrote: > Seems like a lot of anecdotes are being shared with respect to hard fail > without a lot of data. Do the browsers have more data on this? > Considering the X.509 labs shows nearly 100% availability with response > times of about 100 ms, data showing in-depth info on failure rates (and the > reasons why) would help drive the discussion in a productive direction. > > Jeremy > > -----Original Message----- > From: dev-security-policy [mailto: > dev-security-policy-bounces+jeremy.rowley=digicert....@lists.mozilla.org] > On Behalf Of Matthias Hunstock > Sent: Monday, August 4, 2014 2:35 AM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: New wiki page on certificate revocation plans > > Am 01.08.2014 12:11, schrieb simon.zer...@gmail.com: > > Where is the evidence that OSCP hard fails and these speed issues are > > actually a problem in the real world? > > Try it on a site with an unknown issuer. > > The handshake takes at least 30 seconds longer, because thats the time you > need to turn off hard fail in the browser UI. > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy