On Tue, Nov 6, 2012 at 8:08 PM, Willy Tarreau <[email protected]> wrote: > >> I believe the official word at one point was that OCSP stapling of chains >> should be accomplished by including the entire chain in the OCSP request, >> delivering that compound OCSP response via the TLS Certificate Status Request >> extension. > > And do you know how large this could be for average web sites ? Maybe > there is a cross-over point where doing so has a more negative impact > than letting the client check by itself ?
CloudFlare´s announcement about OCSP (and a partnership with GlobalSign) makes they https client sites 30% faster. http://techcrunch.com/2012/11/01/cloudflare-globalsign-make-ssl-faster/
