On 16.06.2016 21:42, ????????? ???????? wrote:
>> that is right, but think of your potential clients, because
>> wosign has a problem - slow OCSP, ...
>> because their server infrastructure is located in China, and not the
>> best bandwidth ...
>>
>> when validity checks of the used SSL certificate very probably fail,
>> it is worse than not using SSL ...
>
> I don't think OCSP is critical for free certificates suitable for
> small businesses and personal sites.
>
this is philosophy;

I'd say when you do it then do it good, else don't do it;

Walter H. wrote 2016-06-16 22:54:
> On 16.06.2016 21:42, ????????? ???????? wrote:
>>> that is right, but think of your potential clients, because
>>> wosign has a problem - slow OCSP, ...
>>> because their server infrastructure is located in China, and not the
>>> best bandwidth ...
>>>
>>> when validity checks of the used SSL certificate very probably fail,
>>> it is worse than not using SSL ...
>>
>> I don't think OCSP is critical for free certificates suitable for
>> small businesses and personal sites.
>>
> this is philosophy;
>
> I'd say when you do it then do it good, else don't do it;

Then OCSP stapling is the way to go but it could be a real PITA to set up for the first time and may not be supported by older browsers anyway.

On 17.06.2016 16:27, ????????? ???????? wrote:
> Walter H. wrote 2016-06-16 22:54:
>> On 16.06.2016 21:42, ????????? ???????? wrote:
>>>
>>> I don't think OCSP is critical for free certificates suitable for
>>> small businesses and personal sites.
>>>
>> this is philosophy;
>>
>> I'd say when you do it then do it good, else don't do it;
>
> Then OCSP stapling is the way to go but it could be a real PITA to
> set up for the first time and may not be supported by older browsers
> anyway.
>
not really, because the same server tells the client that the SSL certificate is good, as the SSL certificate itself; these must be independent;

Walter