Online Certificate Status Protocol - Comparison To CRLs

  • Since an OCSP response contains less information than a typical CRL (certificate revocation list), OCSP can feasibly provide more timely information regarding the revocation status of a certificate without burdening the network. However, the greater number of requests and connection overhead may outweigh this benefit if the client does not cache responses.
  • Using OCSP, clients do not need to parse CRLs themselves, saving client-side complexity. However, this is balanced by the practical need to maintain a cache. In practice, such considerations are of little consequence, since most applications rely on third-party libraries for all X.509 functions.
  • CRLs may be seen as analogous to a credit card company's "bad customer list" – an unnecessary public exposure.
  • OCSP discloses to the responder that a particular network host used a particular certificate at a particular time. OCSP does not mandate encryption, so this information may also be intercepted by other parties.
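
As an added example (not part of the original article), the Python code below shows what the last point means in practice: it builds a minimal OCSP request using the RFC 6960 `CertID` layout and reads back the fields that the responder, and anyone on the path of an unencrypted request, can see. The helper names are this example's own, and the issuer name, key and serial number are constructed; the hashes are taken over those constructed byte strings rather than a real issuer's DER-encoded name and public key.

```python
import hashlib

SHA1_ALGID = bytes.fromhex("300906052b0e03021a0500")  # AlgorithmIdentifier: SHA-1, NULL

def tlv(tag: int, content: bytes) -> bytes:
    """DER-encode one element (short- or long-form definite length)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def read_tlv(buf: bytes, off: int = 0):
    """Return (tag, content, offset_after) for the element starting at buf[off]."""
    tag, n = buf[off], buf[off + 1]
    off += 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, off = int.from_bytes(buf[off:off + k], "big"), off + k
    if off + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + n], off + n

def build_request(issuer_name: bytes, issuer_key: bytes, serial: int) -> bytes:
    """Minimal OCSPRequest: one CertID, no nonce, no signature."""
    ser = serial.to_bytes(serial.bit_length() // 8 + 1, "big")  # minimal positive INTEGER
    cert_id = tlv(0x30, SHA1_ALGID
                  + tlv(0x04, hashlib.sha1(issuer_name).digest())
                  + tlv(0x04, hashlib.sha1(issuer_key).digest())
                  + tlv(0x02, ser))
    request_list = tlv(0x30, tlv(0x30, cert_id))  # SEQUENCE OF Request { CertID }
    return tlv(0x30, tlv(0x30, request_list))     # OCSPRequest { TBSRequest { ... } }

def visible_fields(der: bytes) -> dict:
    """Fields readable by the responder and by anyone on the path of a plaintext request."""
    body = read_tlv(read_tlv(der)[1])[1]          # OCSPRequest -> TBSRequest content
    tag, item, nxt = read_tlv(body)
    while tag != 0x30:                            # skip optional [0] version, [1] requestorName
        tag, item, nxt = read_tlv(body, nxt)
    cert_id = read_tlv(read_tlv(item)[1])[1]      # first Request -> CertID content
    _, _, off = read_tlv(cert_id)                 # hashAlgorithm (not needed here)
    _, name_hash, off = read_tlv(cert_id, off)
    _, key_hash, off = read_tlv(cert_id, off)
    _, serial, _ = read_tlv(cert_id, off)
    return {"issuerNameHash": name_hash.hex(), "issuerKeyHash": key_hash.hex(),
            "serialNumber": int.from_bytes(serial, "big", signed=True)}

# Constructed sample: issuer name, key and serial are made up for this example.
SAMPLE = build_request(b"CN=Constructed Test CA", b"constructed-public-key", 0x0A1B2C3D4E5F)
```

The issuer hashes plus the serial number identify one certificate, so each uncached lookup reveals it again; a client that caches a valid response until its `nextUpdate` time sends this identifier less often.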
