Online Certificate Status Protocol ‘OCSP’. Outline: What is OCSP? Digital Signatures Certificate Revocation List Technical aspects of OCSP Types of OCSP Conclusions. Dave Hirose July 15 2004. OCSP & Digital Signatures. OCSP is a protocol used to verify the status of digital signatures
What is OCSP?
Certificate Revocation List
Technical aspects of OCSP
Types of OCSP
July 15 2004
Target certificate identifier
Optional extensions which may be processed by the OCSP
Responses for each of the certificates in the request
Can be useful in certain situations.
Suitable for highly sensitive or high valued information
Weigh the risk of not using real time verification
against the cost of using and implementing it
Should consider checking the CRL directly for revoked certifications.
OCSP is not infallible. Since the revocation lists are not locked.
If real time verification of certificates is imperative and you have a high
volume complicated system, you should consider using a vendor specializing
in digital certificate validation