[iancarroll]

How are they worthless?

[msherry]

They're worthless because clearly no one is using them. They may theoretically be useful, but it doesn't matter if they're never put into practice.

[iancarroll]

Do you mean nobody on the CA side or the end user side? CA's suspend certificates all the time - instant e the scam site had theirs pulled a few weeks ago...

[nullc]

Beyond being seldom used, they also leak usage information.

[dfc]

If you are leaking usage information with ocsp/crl checks you are also spewing out information via DNS requests.