Adam Langley, working on Google Chrome, has been very vocal about OCSP's faults, and Chrome began using its own auto-update to ship an aggregate of revocations of high-value certs directly to browsers out-of-band. Despite this being another famous instance of Chrome going against the grain of other browser vendors, I believe this was the correct solution: offering better protection for a curated subset of sites vs. pretending to protect -- but not actually protecting -- all sites.
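To make the trade-off in that comment concrete, here is a small added model (not Chrome's code, and not the real format of its pushed revocation file) of how a locally shipped revocation aggregate behaves next to soft-fail OCSP. The entries are keyed on a hash of the issuer's SubjectPublicKeyInfo plus the certificate serial, which is an assumption of this model; the issuer SPKI bytes and serials are constructed sample data.

```python
import hashlib
from typing import Iterable, NamedTuple, Set, Tuple


class Cert(NamedTuple):
    issuer_spki: bytes  # issuer's SubjectPublicKeyInfo; constructed stand-in here
    serial: int


def spki_hash(spki: bytes) -> str:
    """Key revocation entries on the issuer key, not the issuer name."""
    return hashlib.sha256(spki).hexdigest()


def build_pushed_set(entries: Iterable[Tuple[bytes, int]]) -> Set[Tuple[str, int]]:
    """Build the out-of-band aggregate from (issuer_spki, serial) pairs
    for the curated high-value certificates."""
    return {(spki_hash(spki), serial) for spki, serial in entries}


def ocsp_soft_fail_accepts(responder_reachable: bool, responder_says_revoked: bool) -> bool:
    """Classic soft-fail OCSP: an unreachable responder is treated as 'good'."""
    if not responder_reachable:
        return True
    return not responder_says_revoked


def pushed_set_accepts(cert: Cert, pushed: Set[Tuple[str, int]]) -> bool:
    """The local aggregate needs no network, so it applies unconditionally."""
    return (spki_hash(cert.issuer_spki), cert.serial) not in pushed


def accept(cert: Cert, pushed: Set[Tuple[str, int]],
           responder_reachable: bool, responder_says_revoked: bool) -> bool:
    """Combined policy: the pushed set is authoritative; OCSP stays soft-fail."""
    return (pushed_set_accepts(cert, pushed)
            and ocsp_soft_fail_accepts(responder_reachable, responder_says_revoked))


# Constructed sample data.
HIGH_VALUE_ISSUER = b"constructed-spki-of-a-high-value-ca"
OTHER_ISSUER = b"constructed-spki-of-some-other-ca"
REVOKED_HIGH_VALUE = Cert(HIGH_VALUE_ISSUER, 0x1001)
REVOKED_OTHER = Cert(OTHER_ISSUER, 0x2002)
PUSHED = build_pushed_set([(HIGH_VALUE_ISSUER, 0x1001)])


def scenarios() -> dict:
    """Decisions when the OCSP responder is unreachable (e.g. blocked on path)."""
    return {
        "ocsp_only_high_value": ocsp_soft_fail_accepts(False, True),
        "pushed_set_high_value": accept(REVOKED_HIGH_VALUE, PUSHED, False, True),
        "pushed_set_other": accept(REVOKED_OTHER, PUSHED, False, True),
    }


if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

With the responder unreachable, soft-fail OCSP accepts the revoked high-value certificate while the pushed set rejects it; the revoked certificate outside the curated subset is still accepted, which is exactly the "curated subset" limit the comment describes.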
I concur, but note that it is possible to do better and offer better revocation protection for all sites, with low bandwidth/storage costs: http://www.ccs.neu.edu/home/cbw/static/pdf/larisch-oakland17...
Looks like it was posted here and got very little traction; a shame. But it will be presented in a few days at the IEEE Symposium on Security and Privacy. I hope it will get the coverage and examination it deserves.
Basically the first and last mile were hard fails but everything in between was advisory if the signature checked out.