OCSP
OCSP (Online Certificate Status Protocol) is a protocol that provides an online service for verifying the status of a certificate. OCSP is standardized by the Internet Engineering Task Force (IETF) in RFC 2560 (Request for Comments 2560). It is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate.
This protocol can address the fact that web browsers do not retrieve the CRL (Certificate Revocation List) automatically. It also has many other advantages:
- OCSP provides more up-to-date information on the status of the certificate;
- With OCSP, the client no longer needs to retrieve the CRL. Given the large size of the CRL, this reduces network traffic;
- The client no longer has to process the CRL itself, which spares it a relatively complex task;
- The CRL can be compared to a bank's "list of bad clients". This can be a problem for those who do not want to disclose such information. Thus, with OCSP, this list will not be public.
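To make the traffic and disclosure points above concrete, the following added example (not part of the original page) builds the DER bytes of an unsigned OCSP request for one certificate, following the CertID structure of RFC 2560: the client sends only two hashes identifying the issuer plus the serial number. The helper names and the sample issuer name, key bytes and serial number are constructed for illustration.

```python
import hashlib

# AlgorithmIdentifier { OID 1.3.14.3.2.26 (SHA-1), NULL parameters }
SHA1_ALG_ID = bytes.fromhex("300906052b0e03021a0500")

def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV (definite length, short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_int(value: int) -> bytes:
    """Encode a non-negative INTEGER, with a leading 0x00 when the high bit is set."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def cert_id(issuer_name_der: bytes, issuer_key_bits: bytes, serial: int) -> bytes:
    """CertID ::= SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }"""
    name_hash = hashlib.sha1(issuer_name_der).digest()  # hash of the issuer's DER Name
    key_hash = hashlib.sha1(issuer_key_bits).digest()   # hash of the issuer's public key bits
    return der(0x30, SHA1_ALG_ID + der(0x04, name_hash)
               + der(0x04, key_hash) + der_int(serial))

def ocsp_request(issuer_name_der: bytes, issuer_key_bits: bytes, serial: int) -> bytes:
    """OCSPRequest { TBSRequest { requestList { Request { CertID } } } }.
    The version field is omitted because it has the DEFAULT value v1."""
    request = der(0x30, cert_id(issuer_name_der, issuer_key_bits, serial))
    request_list = der(0x30, request)
    tbs_request = der(0x30, request_list)
    return der(0x30, tbs_request)

# Constructed sample inputs (not taken from any real CA or certificate).
SAMPLE_ISSUER_NAME = der(0x30, der(0x31, der(0x30,
    der(0x06, bytes([0x55, 0x04, 0x03])) + der(0x0C, b"Example CA"))))  # CN=Example CA
SAMPLE_ISSUER_KEY = bytes(range(64))   # placeholder bytes standing in for a public key
SAMPLE_SERIAL = 0x0123456789

if __name__ == "__main__":
    req = ocsp_request(SAMPLE_ISSUER_NAME, SAMPLE_ISSUER_KEY, SAMPLE_SERIAL)
    print(len(req), "bytes:", req.hex())
```

The request stays the same size however many certificates the CA has revoked, whereas a CRL grows with every revocation.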