<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 06/11/2015 07:02 PM, Ryan Sleevi
wrote:<br>
</div>
<blockquote
cite="mid:CACvaWvbk12PW4mjc7dg3sCRXn9u-6q9SkfD4g511+Ba4v1m_7Q@mail.gmail.com"
type="cite">
<p dir="ltr">Sorry, that reply was meant to be towards browsers
checking daily.
</p>
</blockquote>
<br>
Yes of course, I explicitly mentioned in my original response that
any cached data will remained cached for whatever time the CA sets
in the OCSP response. <br>
<br>
But any new connection checking an updated OCSP response would of
course take affect from the time of revocation by the CA. There is a
difference, certainly if we are talking about the max. time of 10
days (which is commercially interesting enough for an attacker I
guess -, and probably the reason why some/most browsers cache the
OCSP response for only 24 hours).<br>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>