OCSP, the Online Certificate Status Protocol, lets clients such as web browsers verify the validity of a digital certificate in real time, rather than relying on downloaded lists of revoked certificates (CRLs, or certificate revocation lists).
It reduces validation overhead, which could be useful in real-time use cases such as transaction processing.
Statuses can be "good", "revoked" or "unknown".
Certificate Authorities (CAs) are mandated to track certificates they revoke.