Mike Jackson wrote:
OCSP is, IMO, far preferable because it can perform delta CRL checking behind the scenes, removes the need to implement delta CRL checking in the clients, simplifies your certificate profiles, and is overall better for the network for a few reasons.
Such a general statement regarding CRL vs. OCSP is nonsense.
If you have really high traffic, checking client certs against a local black-list (CRL) is much better.
Also, OCSP is a privacy nightmare.
Ciao, Michael.