On 8/05/2014 1:13 AM, Russell Coker wrote: > https://www.imperialviolet.org/2014/04/19/revchecking.html > > The above URL has an article describing the problems with revocation checks.
Not a bad article, but if servers can setup OCSP checks much more quickly than 3 days. If the certs had a MUST STAPLE flag and the server itself checks OCSP much more frequently, then the stapled reference could be good for an hour or two -- it doesn't have to be 3 days. The trouble is, I believe, today there is no option in certs to make stapling compulsory. Cheers A. _______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
