On Apr 4, 2014, at 4:48 AM, t.p. <daedulus@xxxxxxxxxxxxx> wrote: > Setting up a TLS session takes time; I notice every time I access > e-mail, ever since my ISP required the use of TLS. It is only a few > seconds, Whaaat? It takes a few SECONDS for your MUA to set up a TLS connection? Something is broken. This is not a TLS problem. It's probably either a load problem on your IMAP store, or bufferbloat on your network causing unreasonable round trip times—if your RTT to the IMAP store is 1000ms, then sure, it could take a couple of seconds to set up a TLS connection. Similarly, if there's a bug in IETF's CRL support, that should be fixed regardless of the ultimate outcome of this discussion.