T-OCSP
Traditional Online Certificate Status (T-OCSP)
Traditional OCSP is a technology which alleviates some of the scalability issues of CRLs by adding a layer of Responders between the Certificate Authority, which is the source of the CRL, and the clients. The Responders all receive a CRL, and the clients ask a Responder for validation information about a set of credentials to determine whether a person is authorised to do what he or she is trying to do.
Using T-OCSP, the size of the CRL is no longer as problematic since the clients never receive the entire list of revoked certificates, instead receiving a relatively small amount of information regarding a particular certificate. However, because each Responder is a security risk, the cost of protecting each of them from attack is large. Because of this, it is often cost-prohibitive to set up multiple Responders in several locations, and with fewer Responders a system will be significantly slower.
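A minimal model of the Responder layer described above, added here as an illustration and not taken from the original page or any product. The Responder class, the sample serial numbers and the key are constructed, and HMAC-SHA256 stands in for the Responder's public-key signature so that only the Python standard library is needed (a real client would hold only the Responder's public key).

```python
import hashlib
import hmac
import json

# Constructed sample data: serial numbers on the CA's CRL (not from a real CA).
SAMPLE_CRL = {f"{n:08X}" for n in range(1000, 6000)}   # 5,000 revoked serials

class Responder:
    """Holds a copy of the CRL and answers one-certificate status queries."""

    def __init__(self, signing_key: bytes):
        # This key is why each Responder must be protected: whoever holds it
        # can produce "good" answers for revoked certificates.
        self._key = signing_key
        self._revoked = set()

    def load_crl(self, revoked_serials):
        """Replace the local revocation list with the one received from the CA."""
        self._revoked = set(revoked_serials)

    def status(self, serial: str) -> dict:
        body = {"serial": serial,
                "status": "revoked" if serial in self._revoked else "good"}
        return {"body": body, "sig": _sign(self._key, body)}

def _sign(key: bytes, body: dict) -> str:
    # HMAC-SHA256 stands in for the Responder's public-key signature.
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def client_check(key: bytes, serial: str, response: dict) -> str:
    """Return the status only if the response is authentic and for our serial."""
    body = response["body"]
    if not hmac.compare_digest(_sign(key, body), response["sig"]):
        raise ValueError("response signature invalid")
    if body["serial"] != serial:
        raise ValueError("response is for a different certificate")
    return body["status"]

def demo():
    key = b"constructed-demo-key"
    responder = Responder(key)
    responder.load_crl(SAMPLE_CRL)
    resp = responder.status("000003E8")          # 1000 decimal, on the CRL
    crl_bytes = len(json.dumps(sorted(SAMPLE_CRL)))
    return client_check(key, "000003E8", resp), len(json.dumps(resp)), crl_bytes

if __name__ == "__main__":
    print(demo())
```

demo() returns the verified status together with the size of the single response and of the serialized list, which shows why the client's download no longer grows with the CRL.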
Advantages/Disadvantages
Suitable Applications
OCSP works well for deployments with tens of thousands of users in close proximity to each other. For example, a university with a single large campus could issue smartcards to all its students that give them access to dormitories, libraries, and campus-wide computer networks.
CoreStreet PKI Products





