Overview of Validation Technologies
CoreStreet offers a number of different technologies for performing validation.
Many organisations are finding that traditional validation technologies fail to provide adequate performance and quickly become cost prohibitive. To meet real world requirements, CoreStreet offers a range of validation solutions that work in the most demanding environments. CoreStreet technologies are crucial for scaling from several thousand to hundreds of millions of users and work in connected or disconnected environments. By offering a variety of approaches to validation, CoreStreet provides ultimate flexibility to choose an approach tailored to fit every security situation.
Side-by-side Comparison of Validation Technologies:
|
Advantages |
Disadvantages |
Optimal # of Users |
|
| CRL |
- Easy to manage for small numbers |
- Huge bandwidth all the way to the clients Does not scale past 10,000 users for large number of clients |
100,000 |
| T-OCSP | - Small bandwidth between responder and clients Works with all issued certificates Industry standard |
- Requires trusted responders (extremely expensive) Requires digital signing at each transaction (very slow) Does not scale past 100,000 users Loss of security if any responder is compromised |
100,000 |
| D-OCSP | - Small bandwidth between responder and clients No trusted responders required Scales to millions of users Computationally simple (no signing per transaction) Works with all issued certificates Industry standard |
- Bandwidth to responders is larger than with OCSP |
10,000,000 |
| MiniCRL | - Tiny bandwidth between CA and responders Small bandwidth between responder and clients No trusted responders required Scales to hundreds of millions of users Computationally simple (no signing per transaction) Works with all issued certificates |
- Not yet adopted as an industry standard |
100,000,000+ |
