Main reason to install and use OCSP responder is to get fast and accurate information about the state of certificate. When OCSP responder is parsing huge CRL for long time its responses are based on old CRL, which makes them inaccurate and therefor invalidates the purpose of using OCSP. Long CRL processing is also degrading OCSP performance.[[BR]] To summarize not accepting delta CRLs is causing long periods of degraded performance and inaccurate responses.[[BR]] https://bugzilla.redhat.com/show_bug.cgi?id=224791
Metadata Update from @awnuk: - Issue set to the milestone: UNTRIAGED
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1198
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.