Hacker News

Check server certificate OCSP first, send subsequent queries via SSL.


Precisely. This would require more work, but it would only leak the OCSP server’s revocation request, and would make OCSP both more secure (caching OCSP server validity rather than the original certificates) and more private (due to SSL).



