Michael Ströder wrote, On 2009-01-15 08:23:
> Johnathan Nightingale wrote:
>> You may also be interested in the work on OCSP-stapling, so that no
>> third party learns about your browsing, but you still get a CA-signed
>> OCSP response. The CAs are interested in this too, since it takes the
>> load off of them for high-traffic sites.
>
> Well, it will take some time until this is reality.

One vendor offers it across their product line now. No others do, AFAIK.

> And it means that you have to set up an OCSP responder. This is unlikely
> for many end users.

Huh? It surely doesn't require any end users to set up OCSP responders.
OCSP stapling allows a TLS server to send a copy of a recent OCSP response
(issued by the issuer of that server's cert) along with the cert in the
TLS handshake, thereby saving the client extra connections and extra
round trips. It reduces load on OCSP responders.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
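
An added example, not part of the original message: a Python parser for the TLS CertificateStatus handshake message (RFC 6066 layout) that carries the stapled OCSP response, run over a constructed message. The function names and sample bytes are made up for illustration.

```python
HS_CERTIFICATE_STATUS = 22  # handshake message type (not the record content type)
STATUS_TYPE_OCSP = 1        # CertificateStatusType.ocsp
OCSP_RESPONSE_STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
                        3: "tryLater", 5: "sigRequired", 6: "unauthorized"}

def _u24(buf: bytes, off: int) -> int:
    """Read a 3-byte big-endian length as used by TLS handshake framing."""
    if off + 3 > len(buf):
        raise ValueError("truncated length field")
    return int.from_bytes(buf[off:off + 3], "big")

def parse_certificate_status(msg: bytes) -> bytes:
    """Return the DER OCSPResponse stapled in a CertificateStatus message."""
    if len(msg) < 4 or msg[0] != HS_CERTIFICATE_STATUS:
        raise ValueError("not a CertificateStatus handshake message")
    body = msg[4:]
    if _u24(msg, 1) != len(body):
        raise ValueError("handshake length does not match body")
    if len(body) < 4 or body[0] != STATUS_TYPE_OCSP:
        raise ValueError("unsupported status_type")
    resp = body[4:]
    if not resp or _u24(body, 1) != len(resp):
        raise ValueError("bad OCSPResponse length")
    return resp

def ocsp_response_status(der: bytes) -> str:
    """Read responseStatus, the first field of the OCSPResponse SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("OCSPResponse is not a DER SEQUENCE")
    # Skip the SEQUENCE length (short form, or long form with N length bytes).
    off = 2 + ((der[1] & 0x7F) if der[1] & 0x80 else 0)
    if off + 3 > len(der) or der[off:off + 2] != b"\x0a\x01":
        raise ValueError("missing ENUMERATED responseStatus")
    return OCSP_RESPONSE_STATUS.get(der[off + 2], "unknown")

# Constructed sample: type 22, length 9, status_type ocsp, 5-byte response
# whose DER is OCSPResponse { responseStatus = tryLater }.
SAMPLE_MSG = bytes.fromhex("16 000009 01 000005 30030a0103")

if __name__ == "__main__":
    der = parse_certificate_status(SAMPLE_MSG)
    # Only "successful" carries signed revocation data; anything else is
    # a staple with no answer about the certificate.
    print(ocsp_response_status(der))
```

A client that receives a staple still has to verify the response's signature, certificate ID and validity window; this sketch covers only the framing and the outer status code.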