Re: Checking client certificates against CRLs

Mike Jackson wrote:
> OCSP is, IMO, far preferable because it can perform delta CRL checking
> behind the scenes, removes the need to implement delta CRL checking in the
> clients, simplifies your certificate profiles, and is overall better for
> the network for a few reasons.

Such a general statement regarding CRL vs. OCSP is nonsense.

If you have really high traffic, checking client certs against a local
black-list (CRL) is much better.

Also, OCSP is a privacy nightmare.

Ciao, Michael.

