
Certificate revocation checks aren’t efficient against Heartbleed

  • April 22, 2014

Petrovic
Gold VIP

Security researcher Adam Langley of Google explained the real efficiency of revocation checking in response to the OpenSSL heartbeat bug.

The Heartbleed bug is a source of great concern for the IT industry; every day we discover that the flaw in the OpenSSL library has had a significant impact on servers, on the mobile industry and on the anonymity of Tor users.
 
After the disclosure of the OpenSSL flaw, administrators of vulnerable servers have updated the OpenSSL library and generated a new certificate for their infrastructure (so a new public key), but as noted by the security researcher Adam Langley of Google, the old certificates still work, allowing an attacker with the old private key to still impersonate the website.
Langley is suggesting a scalable solution to the revocation problem in the form of short-lived certificates or something like OCSP Must Staple, limiting the validity of an OCSP response to a few days.
Full Article
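The two mitigations named in the post, a short certificate lifetime and OCSP Must-Staple (the TLS Feature extension, RFC 7633), can both be checked on a certificate with nothing but the openssl command line. The script below is an added example and is not code from the post, from the quoted article or from Langley; it issues a self-signed certificate with each property, then audits it. The host name example.test, the file names, and the 7-day threshold in exposure_ok are hypothetical. It needs OpenSSL 1.1.1 or later for the -addext option.

```shell
#!/bin/sh
# Added example (not from the post or Langley's article): issue a self-signed
# certificate with a short lifetime and the OCSP Must-Staple TLS Feature
# extension (RFC 7633), then check both properties as a deployment audit would.
# Host name, file names and the 7-day threshold are hypothetical.
set -eu

WORKDIR=${WORKDIR:-$(mktemp -d)}

# issue_cert NAME DAYS [yes|no]
# Writes $WORKDIR/NAME.pem (certificate) and $WORKDIR/NAME-key.pem (key),
# prints the certificate path. Third argument: add Must-Staple (default yes).
# An ECDSA P-256 key keeps generation fast; the key type is not the point here.
issue_cert() {
  name=$1
  days=$2
  must_staple=${3:-yes}
  if [ "$must_staple" = yes ]; then
    ext_args='-addext tlsfeature=status_request'   # RFC 7633 Must-Staple
  else
    ext_args=''
  fi
  # shellcheck disable=SC2086  # ext_args is intentionally word-split
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -sha256 -subj "/CN=example.test" -days "$days" $ext_args \
    -keyout "$WORKDIR/$name-key.pem" -out "$WORKDIR/$name.pem" 2>/dev/null
  printf '%s\n' "$WORKDIR/$name.pem"
}

# has_must_staple CERT: true when the certificate carries the TLS Feature
# extension with status_request, i.e. a client honouring it must refuse the
# connection unless the server staples a fresh OCSP response.
has_must_staple() {
  openssl x509 -in "$1" -noout -text | tr '\n' ' ' |
    grep -q 'TLS Feature: *status_request'
}

# expires_within CERT SECONDS: true when notAfter is less than SECONDS away.
# "openssl x509 -checkend N" exits 0 while the cert is still valid after N
# seconds, so the exit status is inverted here.
expires_within() {
  if openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1; then
    return 1
  fi
  return 0
}

# exposure_ok CERT: the policy check. A private key leaked through Heartbleed
# stays usable until the certificate expires or a client actually sees a
# revocation; with soft-fail revocation checking only the expiry bound is
# reliable, so require Must-Staple AND at most 7 days (604800 s) of remaining
# lifetime. For a freshly issued cert the remaining lifetime is the issued one.
exposure_ok() {
  has_must_staple "$1" && expires_within "$1" 604800
}

# Stand-alone demo: a 3-day Must-Staple cert passes, a 1-year plain cert fails.
short=$(issue_cert demo_short 3 yes)
long=$(issue_cert demo_long 365 no)
for c in "$short" "$long"; do
  if exposure_ok "$c"; then
    echo "$c: OK (Must-Staple, short lifetime)"
  else
    echo "$c: FAIL (missing Must-Staple or lifetime too long)"
  fi
done
```

This checks only what is in the certificate. Must-Staple does nothing unless the server actually staples a current OCSP response and the client enforces the extension, and a 3-day lifetime only helps if reissuance is automated, so both checks belong in a deployment pipeline rather than a one-off audit.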