Ram A Moskovitz <[EMAIL PROTECTED]> writes:

>> Many responders are fed from CRLs, so you get the illusion of a quick
>> response with all the drawbacks of a CRL (OCSP was specially designed to be
>> 100% bug-compatible with CRLs, a much better name for it would be Online
>> CRL-Query Protocol).
>
>Feeding OCSP off CRLs is not useful for improving freshness of information.

Well, that's what OCSP was designed for. I haven't got the original quote to hand (I can dig it up if required), but it was something like "What could be more elegant than feeding an OCSP responder from a CRL", to which my response was something like "What could be more stupid than feeding an online service from stale offline data".

I'll emphasise again here that OCSP was designed to be 100% bug-compatible with CRLs. In other words it's really OCQP (online CRL query protocol), not OCSP.

Peter.
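The staleness discussed in this message, modelled as an added example that is not part of the original post: a responder that answers only from the last CRL keeps returning "good" for a certificate revoked after that CRL was issued, and the response's thisUpdate tells the client how old the data is. The class names, serial numbers, times and the 5-minute threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class CRL:                       # constructed model, not a DER parser
    this_update: datetime        # when the CA issued this CRL
    next_update: datetime        # when the next CRL is due
    revoked: frozenset           # revoked serial numbers

@dataclass
class OCSPResponse:
    status: str                  # "good" or "revoked"
    this_update: datetime        # time the status was known to be correct
    next_update: datetime
    produced_at: datetime        # time the responder signed the response

def crl_fed_respond(crl, serial, now):
    """Responder that knows only what the last CRL said."""
    status = "revoked" if serial in crl.revoked else "good"
    # The validity fields are copied from the CRL; only produced_at is fresh.
    return OCSPResponse(status, crl.this_update, crl.next_update, now)

def data_age(resp):
    """Age of the revocation data behind a response, as visible to the client."""
    return resp.produced_at - resp.this_update

def looks_crl_fed(resp, max_age=timedelta(minutes=5)):
    """Client-side check; the threshold is an assumed local policy value."""
    return data_age(resp) > max_age

def demo():
    t0 = datetime(2005, 1, 1, 0, 0)                  # constructed timeline
    crl = CRL(t0, t0 + timedelta(hours=24), frozenset({1001}))
    revoked_at = t0 + timedelta(hours=1)             # CA revokes serial 2002
    query_at = t0 + timedelta(hours=20)              # next CRL not yet issued
    resp = crl_fed_respond(crl, 2002, query_at)
    exposure = query_at - revoked_at                 # revoked, still "good"
    return resp, exposure

if __name__ == "__main__":
    resp, exposure = demo()
    print(resp.status, "data age:", data_age(resp), "exposure:", exposure)
```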
