Re: HTTP 2.0 and a Faster, more Mobile-friendly web

On 7/30/2012 8:46 AM, Yoav Nir wrote:
>
> Additionally, TLS requires the client to check revocation of the server certificate. Some browsers don't, but that's beside the point. Checking revocation involves fetching either a CRL or an OCSP response, and they are typically fetched over HTTP. If HTTP has to have TLS we have a bootstrap problem, unless checking revocation is relegated back down to HTTP/1.0.

That's not a roadblock. We can address this largely via OCSP stapling.
Also, OCSP with a CA can be done over TLS without cert verification
because the OCSP response is signed separately.

Received on Monday, 30 July 2012 15:53:27 UTC