EPWN3D 2 days ago

Good. OCSP sucks. It's a fail-open design, and the fact that it exists means that a lot of security people have developed an auto-response for certificate lifetime problems, even in domains where OCSP is totally infeasible, like secure boot. I can patiently explain why a ROM cannot query a fucking remote service for a certificate's validity, but it's a lot easier to just say "Look, OCSP sucks, and Let's Encrypt stopped supporting it", especially to the types of people I argue with about these things.