| ▲ | saurik 2 days ago | |
How is this actually better (or conceptually even different) than just having the issuer's servers issue new certificates that only last 24 hours? | ||
| ▲ | Ayesh 2 days ago | parent [-] | |
It's not better. Short lived certificates are definitely the better way forward. 24 hour certificates will add a significantly more load on CAs, a lot more than maintaining an OCSP responder. | ||