Hacker News
by pedro2 2050 days ago
Check server certificate OCSP first, send subsequent queries via SSL.
lstamour 2050 days ago
Precisely. This would require more work, but it would only leak the OCSP server’s revocation request, and would make OCSP both more secure (caching OCSP server validity rather than the original certificates) and more private (due to SSL).