How would that work in the current reality of the DNS? The current reality is that it’s unauthenticated and indeterminately forwarded/cached, neither of which screams success for timely, authentic OCSP responses.

▲

dogma1138 2 days ago | parent [-]

Similarly to how OCSP stapling was supposed to work.

	▲	woodruffw 2 days ago \| parent [-]
		“Supposed to” being operative, I think!