Why CRL and OCSP URLs use HTTP?
From Digicert The CRL's and also the OCSP responses are signed by CA's such as DigiCert. This means any kind of manipulation will already be detected even if the CRL or OCSP response is transferred using an insecure transport. Thus the protection ...