by iso947 2049 days ago
Most browsers are stopping OCSP because of the privacy use and the triviality to block it. Did Chrome ever do it?

That’s why CT came around.

Some background for those unfamiliar.

https://scotthelme.co.uk/revocation-is-broken/

1 comments

Chrome uses its own CRL, which pulls from OCSP

https://medium.com/@alexeysamoshkin/how-ssl-certificate-revo...

Although OCSP stapling is used more now IIRC.

Chrome uses CRLSet, which generates a cut-down CRL when the browser is updated; I don’t see any interaction with OCSP.

HN doesn’t set OCSP must staple so we’re still a while away from being able to trust it.