The use of OCSP-stapling should be considered, allowing for fast revocation of certificates (which would otherwise
be limited by the DNS TTL on the TLSA records). However, this is likely to only be usable with DANE-TA. NOTE: the
default of requesting OCSP for all hosts is modified iff DANE is in use, to:
The use of OCSP-stapling should be considered, allowing for fast revocation of certificates (which would otherwise
be limited by the DNS TTL on the TLSA records). However, this is likely to only be usable with DANE-TA. NOTE: the
default of requesting OCSP for all hosts is modified iff DANE is in use, to: