I’ve looked for the answer to the question below, but did not find any. Hopefully it is not a question that has been asked many times before.
I’m using OCSP stapling. Mainly because of performance, but also because it improves privacy. With the outage of today I understand that in particular users who are using OCSP stapling were impacted.
What I want to understand is why users who are using OCSP stapling are impacted more by the outage of today. As far as I’m concerned, with OCSP stapling there is a “cached” response from my server to the client, proving the certificate is not revoked. When the Let’s Encrypt OCSP servers are down, my server can still prove that the certificate is not revoked with the “cached” OCSP response. Without OCSP stapling I would think the outage of Let’s Encrypt OCSP servers would have more impact, because they cannot respond to the OCSP queries from web browsers.
Hope that someone is able to help me understand the working of OCSP stapling better.