Ok so let's say you actually want Apple to do this kind of security for you (I don't, but let's say).
Currently they do a synchronous check before you launch any binary.
Why don't they instead just log every binary signature and check them async on some regular schedule? Strict mode could be blocking the FIRST execution of a binary signature and after that you only recheck if that signature has been revoked on some regular interval.
There's absolutely no good reason why an app which I've run 100 times needs to phone home before running the 101st time.
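The scheme this comment proposes (block on the first launch of a signature, serve later launches from a local cache, and only refresh verdicts in the background on a schedule) can be written down as a small policy. The code below is an added illustration, not code from the original thread or from Apple; the `LaunchPolicy` class, the `FakeServer` stand-in for an OCSP responder, and the use of a SHA-256 of the file as a stand-in for a real code-signing identity are all assumptions made for the example.

```python
import hashlib
import time
from dataclasses import dataclass
from typing import Callable, Dict, Set

# Hypothetical verdict values for this example; a real responder would return
# a signed OCSP response rather than a string.
ALLOW, REVOKED = "allow", "revoked"


@dataclass
class CacheEntry:
    verdict: str
    last_checked: float


def signature_of(binary: bytes) -> str:
    # Assumption: the SHA-256 of the file stands in for the code-signing identity.
    return hashlib.sha256(binary).hexdigest()


class LaunchPolicy:
    """Strict on first sight, cached afterwards, revalidated asynchronously."""

    def __init__(self, check: Callable[[str], str], recheck_interval: float,
                 clock: Callable[[], float] = time.time):
        self.check = check                    # remote check; raises ConnectionError when down
        self.recheck_interval = recheck_interval
        self.clock = clock
        self.cache: Dict[str, CacheEntry] = {}
        self.pending: Set[str] = set()        # signatures queued for background recheck

    def may_launch(self, signature: str) -> bool:
        now = self.clock()
        entry = self.cache.get(signature)
        if entry is None:
            # First execution of this signature: the only synchronous, blocking check.
            try:
                verdict = self.check(signature)
            except ConnectionError:
                return False                  # fail closed only for never-seen binaries
            self.cache[signature] = CacheEntry(verdict, now)
            return verdict == ALLOW
        # Known binary: answer from the cache immediately; queue a recheck if stale.
        if now - entry.last_checked >= self.recheck_interval:
            self.pending.add(signature)
        return entry.verdict == ALLOW

    def revalidate_pending(self) -> int:
        """Background job. A failed recheck keeps the old verdict and stays queued."""
        refreshed = 0
        for sig in list(self.pending):
            try:
                verdict = self.check(sig)
            except ConnectionError:
                continue
            self.cache[sig] = CacheEntry(verdict, self.clock())
            self.pending.discard(sig)
            refreshed += 1
        return refreshed


class FakeServer:
    """Constructed stand-in for the responder: can be taken down or told to revoke."""

    def __init__(self):
        self.down = False
        self.revoked: Set[str] = set()

    def check(self, sig: str) -> str:
        if self.down:
            raise ConnectionError("responder unreachable")
        return REVOKED if sig in self.revoked else ALLOW


def simulate() -> Dict[str, object]:
    """Walk through the outage scenario from the thread with a fake clock."""
    clock = [1000.0]
    server = FakeServer()
    policy = LaunchPolicy(server.check, recheck_interval=3600, clock=lambda: clock[0])
    sig = signature_of(b"#!/bin/sh\necho hello\n")          # constructed sample binary
    results: Dict[str, object] = {}
    results["first_launch"] = policy.may_launch(sig)            # blocks, then allowed
    server.down = True
    results["launch_while_down"] = policy.may_launch(sig)       # served from cache
    results["unknown_while_down"] = policy.may_launch(signature_of(b"never seen"))
    clock[0] += 7200                                            # past the recheck interval
    results["stale_launch_while_down"] = policy.may_launch(sig) # still allowed, recheck queued
    results["refreshed_while_down"] = policy.revalidate_pending()
    server.down = False
    server.revoked.add(sig)
    results["refreshed_after_recovery"] = policy.revalidate_pending()
    results["launch_after_revocation"] = policy.may_launch(sig)
    return results


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k}: {v}")
```

The trade-off is explicit in `may_launch`: an outage only fails closed for binaries that have never been seen, while anything already in the cache keeps launching. The cost is that a revocation reaches the client only at the next successful background recheck, so `recheck_interval` is the upper bound on how long a revoked binary stays runnable.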
This is how it worked. The point of the tweet and others' experience is that this is now happening for apps that have already been launched plenty of times before. This is why nothing other than Apple's programs would launch during the short time that the OCSP was down.