We are looking at adding revocation support to our TLS/SSL
implementation. OCSP seems like it might be a lower-overhead system for
us to support. I'd like to avoid supporting both OCSP and CRL if
possible. I'm wondering how well OCSP works in practice. Towards the
bottom of the OCSP Wikipedia page listed below there is a comment about
performance issues of OCSP on Safari, though perhaps it is out of date.
I'm wondering if there is any practical experience that can give us
reasons to support one of these or necessarily both.

Online Certificate Status Protocol (OCSP)
RFC 2560 (http://tools.ietf.org/html/rfc2560)
http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol

Certificate Revocation Lists (CRL)
RFC 3280 (http://tools.ietf.org/html/rfc3280)
http://en.wikipedia.org/wiki/Certificate_revocation_list

_______________________________________________
webkit-dev mailing list
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev