GuiGui's Show

Today we turned off our Online Certificate Status Protocol (OCSP) service, as announced in December of last year. […] Going forward, we will publish revocation information exclusively via Certificate Revocation Lists (CRLs).
We ended support for OCSP primarily because it represents a considerable risk to privacy on the Internet. When someone visits a website using a browser or other software that checks for certificate revocation via OCSP, the Certificate Authority (CA) operating the OCSP responder immediately becomes aware of which website is being visited from that visitor’s particular IP address. Even when a CA intentionally does not retain this information, as is the case with Let’s Encrypt, it could accidentally be retained or CAs could be legally compelled to collect it. CRLs do not have this issue.
[…]
For every year that we have existed, operating OCSP services has taken up considerable resources that can soon be better spent on other aspects of our operations. […] That’s more than 140,000 requests per second handled by our CDN, with 15,000 requests per second handled by our origin. […]

\o/

Un de mes deux griefs majeurs envers LE est donc caduque.