by pornel 1465 days ago
OCSP has a fundamental weakness that it can’t be allowed to fail open, because the same attacker that can MITM a certificate can simulate a network outage for the OCSP check.

Browsers have given up — reliability and performance won — and they fail open on OCSP check failures.