Skip to Content.
Sympa Menu

cacert-devel - Re: OCSP caching etc.

Subject: CAcert Code Development list.

List archive

Re: OCSP caching etc.


Chronological Thread 
  • From: Michael Tänzer <michael.taenzer AT cacert.org>
  • To: Wytze van der Raay <wytze AT deboca.net>
  • Cc: Wytze van der Raay <wytze AT cacert.org>, "critical-admin AT cacert.org" <critical-admin AT cacert.org>, cacert-devel AT lists.cacert.org
  • Subject: Re: OCSP caching etc.
  • Date: Fri, 23 Dec 2011 15:11:53 +0100
  • Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
  • Openpgp: id=9940BEF1
Hi Wytze,

On 23.12.2011 10:59, Wytze van der Raay wrote:
> As an interesting side-benefit I'd like to report that the load on the ocsp
> server has *significantly* dropped since applying this change. In the week
> before the change (Dec 9 - 16) we processed 2.225.530 OCSP requests, or
> about 222 per minute, in the next week directly after applying the change
> the number of requests dropped to 444.500 or only 44 per minute, a reduction
> of rougly 80%.

That's great news. I guess it's client side caching kicking in here.

On a side note: The numbers suggest that the server side caching
apporach proposed in https://bugs.cacert.org/view.php?id=1001 at least
does not result in an OCSP load we could not handle (additional ~58
requests per minute but probably reduced load on the OCSP server due to
the other servers taking some loads) and therefore might be doable.

-- 
Happy Holidays,
Michael Tänzer

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


Archive powered by MHonArc 2.6.16.

Top of Page