So non-browser clients have no feasible way of checking certificate revocation anymore.