Clearly OCSP isn't a big win with CRL sizes below 16KB, but above 16 KB it starts to be a winner.
That happens to be the number I used above when calculating the size one should try not go over.
With 10% revocation ratio, that means the CA emits at most around 4000 users. Quite acceptable for the extension signing cert CA. And when it reaches that number, we just change the intermediate CA that directly signs the cert themselves.
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
