Online Certificate Status Protocol [OCSP] is only used when instant revocation of a user is of paramount importance. Whenever a digital certificate/signature it issued, it is the Digi-CA™ system that controls whether it is valid or revoked. If a certificate is revoked, then the Certificate Revocation List [CRL], that is updated every 24 hours, will contain this information.
In high security, or high value transaction situations, waiting for an updated CRL every 24 hours is not sufficiently fast notification for some environments. In these instances, OCSP is recommended. Read more >
|