If an OCSP response has both a thisUpdate and a nextUpdate value then yes,
it is a good idea.
The new, enhanced, internally based on CRL, Verisign OCSP responder uses that ?
The old one had no nextUpdate, and a thisUpdate generated for each request, so locally caching it wasn't really adequate.
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
