OCSP stapling, when done correctly with fallback issuance, is just a worse solution than short-lived certificates. OCSP lifetimes are 10 days. I wrote about this some here [1].
[1]: https://dadrian.io/blog/posts/revocation-aint-no-thang/
OCSP stapling, when done correctly with fallback issuance, is just a worse solution than short-lived certificates. OCSP lifetimes are 10 days. I wrote about this some here [1].
[1]: https://dadrian.io/blog/posts/revocation-aint-no-thang/