Y
Hacker News
new
|
ask
|
show
|
jobs
by
dadrian
276 days ago
OCSP stapling, when done correctly with fallback issuance, is just a worse solution than short-lived certificates. OCSP lifetimes are 10 days. I wrote about this some here [1].
[1]:
https://dadrian.io/blog/posts/revocation-aint-no-thang/