On Tue, Aug 5, 2014 at 2:02 AM, Gervase Markham <[email protected]> wrote: > On 04/08/14 18:16, Erwann Abalea wrote: >> OCSP is painful and costly to optimize, x509labs shows great >> availability and good performance for most CA/location combination, >> but this is in contradiction with real user measurements. Why, and >> how? > > Good question. Perhaps the point is that consumer internet connections > are a lot flakier than the one x509labs uses.
It is also possible that x509labs is requesting OCSP response for the same cert over and over which means it is getting edge-cached replies. Users request responses for random certs, which could include certs just issued or rarely seen. Thanks, Peter _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
