Recently I set up a PingDom monitor to track the overall performance of the various OCSP responders out there, PingDom is limited to doing GETs and cannot parse the responses from the responders but it\u2019s a fair mechanism to look at response time.<\/p>\n
These tests run from a number of different global locations and are averaged together, the locations change but the same locations are used for each set of tests so again this seems fair.<\/p>\n
I decided to use the Google logo as my control test, as it is about the same size as a larger OCSP response, after about a month of monitoring this is what I saw:<\/p>\n
Test<\/strong><\/td>\n| Avg. Response time<\/strong><\/td>\n<\/tr>\n | Google Logo (3972 bytes)<\/td>\n | \n | 44 ms<\/p>\n<\/td>\n<\/tr>\n GoDaddy OCSP<\/td>\n | \n | 186 ms<\/p>\n<\/td>\n<\/tr>\n GlobalSign OCSP<\/td>\n | \n | 228 ms<\/p>\n<\/td>\n<\/tr>\n Digicert OCSP<\/td>\n | \n | 266 ms<\/p>\n<\/td>\n<\/tr>\n Comodo OCSP<\/td>\n | \n | 268 ms<\/p>\n<\/td>\n<\/tr>\n TrustCenter OCSP<\/td>\n | \n | 273 ms<\/p>\n<\/td>\n<\/tr>\n TrustWave OCSP<\/td>\n | \n | 315 ms<\/p>\n<\/td>\n<\/tr>\n Startcom OCSP<\/td>\n | \n | 364 ms<\/p>\n<\/td>\n<\/tr>\n Entrust OCSP<\/td>\n | \n | 371 ms<\/p>\n<\/td>\n<\/tr>\n Geotrust OCSP<\/td>\n | \n | 432 ms<\/p>\n<\/td>\n<\/tr>\n VeriSign OCSP<\/td>\n | \n | 510 ms<\/p>\n<\/td>\n<\/tr>\n CyberTrust OCSP<\/td>\n | \n | 604 ms<\/p>\n<\/td>\n<\/tr>\n Certum OCSP<\/td>\n | \n | 776 ms<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n As you can see the fastest responder is over four times slower than the Google logo, far from acceptable.<\/p>\n When looking at the individual responses and their responses this is what I saw:<\/p>\n |