> for me I refuse it or in other words, when there is no OCSP response > and I don't get a CRL from the CA > the SSL-host is blocked; Forget it, Walter. If you feel it's more secure that way I'm not going to waste my time to convince you otherwise. )