Introduction
OCSP defines a mechanism for online certificate status checking, in which a certificate recipient contacts a server (called an OCSP responder) each time it needs to check a certificate's status. OCSP is one of a broader class of approaches that call for a recipient of a message to check some server to ascertain certificate status.
In its pure form, this type of approach has the advantage of providing access to the most up-to-date certificate status information. However, it has the disadvantage of being cumbersome from a communications standpoint, because every secure communication involving n certificates requires n other network connections to ascertain the status of the certificates. Thus, OCSP is expected to be the most appropriate protocol for high-security applications requiring the most up-to-date certificate status information.
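The request side of the exchange described above, as an added example that is not ValiCert's code: it builds the unsigned, version 1 OCSPRequest body defined in RFC 2560 for each certificate in a chain, one request per certificate. The helper names, the sample chain and its byte strings are constructed for illustration, and serial numbers are assumed to be non-negative.

```python
import hashlib

# AlgorithmIdentifier for SHA-1 (OID 1.3.14.3.2.26) with NULL parameters.
SHA1_ALG_ID = bytes.fromhex("300906052b0e03021a0500")

def der(tag: int, content: bytes) -> bytes:
    """Encode one DER tag-length-value element (definite length)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def cert_id(issuer_name_der: bytes, issuer_key: bytes, serial: int) -> bytes:
    """RFC 2560 CertID: names a certificate by issuer hashes and serial."""
    # Minimal positive INTEGER: a leading 0x00 appears when the top bit is set.
    serial_bytes = serial.to_bytes(serial.bit_length() // 8 + 1, "big")
    return der(0x30, SHA1_ALG_ID
               + der(0x04, hashlib.sha1(issuer_name_der).digest())  # issuerNameHash
               + der(0x04, hashlib.sha1(issuer_key).digest())       # issuerKeyHash
               + der(0x02, serial_bytes))                           # serialNumber

def ocsp_request(cert_ids: list) -> bytes:
    """OCSPRequest > TBSRequest > requestList > Request > CertID."""
    request_list = der(0x30, b"".join(der(0x30, c) for c in cert_ids))
    return der(0x30, der(0x30, request_list))

def requests_for_chain(chain: list) -> list:
    """One request per certificate, each destined for that issuer's responder."""
    return [ocsp_request([cert_id(n, k, s)]) for n, k, s in chain]

# Constructed sample chain: (issuer name, issuer key, certificate serial).
# The byte strings stand in for the issuer's DER-encoded name and public key.
SAMPLE_CHAIN = [
    (b"constructed-issuer-name-1", b"constructed-issuer-key-1", 0x1001),
    (b"constructed-issuer-name-2", b"constructed-issuer-key-2", 0x80),
    (b"constructed-issuer-name-3", b"constructed-issuer-key-3", 1),
]

if __name__ == "__main__":
    for body in requests_for_chain(SAMPLE_CHAIN):
        # Over HTTP, each body is sent as Content-Type: application/ocsp-request.
        print(len(body), body.hex())
```

Three certificates produce three request bodies, which is the per-certificate network cost the paragraph above refers to.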
For more detailed information on OCSP, see RFC 2560:
ValiCert, Inc. http://www.valicert.com Voice: +1.650.567.5469 Fax: +1.650.254.2148 support@valicert.com