What harm will denying ocsp.apple.com do?
Solution 1:
The OCSP protocol is used to check whether or not a certificate has been revoked. In this context, it is used to give Apple the opportunity to revoke the “blessing” it has given to a specific piece of software. This could happen for example for example if Apple discovers that it contains malware, or when the software developer turns out to be a scammer, or similar situations.
Blocking OCSP does not interrupt normal certificate validation. Your Mac will still be able to tell whether or not the software has at some point received the “blessing” from Apple that makes it pass validation. If you have non-signed software or software signed by someone else than Apple, this will still be picked up by the system.
Disabling OCSP access only means that software that Apple once validated won’t be subject to checks in the future to see if Apple decided to revoke that validation.
Whether or not that is sustainable for a longer period of time depends on your own threat assessment. For ordinary users, I would recommend not blocking OCSP, as it serves as an extra layer of protection against malicious software.
Solution 2:
OCSP requests send a hash for every program you run, so that trustd can report the information (to a third-party CDN run by another company, Akamai). The purpose is to effectively verify whether the app that is launching is notarized or not by attempting to validate any Apple-related cryptographic certificates. With the release of macOS 11, we could no longer block certain Apple OS services with apps like Lulu and Little Snitch, as per the new restrictions to how third-party kernel extensions can function as well as to their scope of control. This feature was then removed with the release of macOS 11.2.
If you always know what you're installing and you trust the processes running on your Mac, there might not be an immediate consequence of blocking the OCSP requests. Since they require an internet connection, you could instead toggle your network connection to resolve any slow-downs the next time Apple's servers freeze up. If you want to block the OCSP requests, your solution should work (at least for that address). If you want to disable the service, you can try the following commands:
sudo defaults write /Library/Preferences/com.apple.security.revocation.plist OCSPStyle None
sudo defaults write com.apple.security.revocation.plist OCSPStyle None
I can't verify that it will make a difference, since Apple removed the conventional method to accomplish the equivalent in Keychain Access → Preferences years ago.