Online Certificate Status Protocol - Comparison To CRLs

Comparison To CRLs

  • Since an OCSP response contains less information than a typical CRL (certificate revocation list), OCSP can feasibly provide more timely information regarding the revocation status of a certificate without burdening the network. However, the greater number of requests and the connection overhead may outweigh this benefit if the client does not cache responses.
  • Using OCSP, clients do not need to parse CRLs themselves, saving client-side complexity. However, this is balanced by the practical need to maintain a cache. In practice, such considerations are of little consequence, since most applications rely on third-party libraries for all X.509 functions.
  • CRLs may be seen as analogous to a credit card company's "bad customer list" – an unnecessary public exposure.
  • OCSP discloses to the responder that a particular network host used a particular certificate at a particular time. OCSP does not mandate encryption, so this information may also be intercepted by other parties.
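
The caching trade-off in the first two points and the disclosure in the last one can be seen in a small client-side model. This is an added example, not code from the original page: `OcspCache`, `OcspStatus`, `simulate` and the responder callable are hypothetical names, the scenario is constructed, and the `thisUpdate`/`nextUpdate` fields it models come from the OCSP response format rather than from the text above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class OcspStatus:
    status: str                       # "good", "revoked" or "unknown"
    this_update: datetime             # thisUpdate in the response
    next_update: Optional[datetime]   # nextUpdate; None means no validity window given

class OcspCache:
    """Reuses a status until nextUpdate and counts responder round-trips."""
    def __init__(self, fetch, skew=timedelta(minutes=5)):
        self._fetch = fetch           # assumed callable: (issuer_id, serial, now) -> OcspStatus
        self._skew = skew             # tolerated clock difference to the responder
        self._entries = {}
        self.network_requests = 0

    def _usable(self, r, now):
        if r.this_update - self._skew > now:
            return False              # issued "in the future": reject
        return r.next_update is None or now < r.next_update

    def check(self, issuer_id, serial, now):
        key = (issuer_id, serial)
        cached = self._entries.get(key)
        if cached is not None and self._usable(cached, now):
            return cached.status      # no network traffic, nothing disclosed
        self._entries.pop(key, None)
        fresh = self._fetch(issuer_id, serial, now)
        self.network_requests += 1
        if not self._usable(fresh, now):
            return "unknown"          # stale or replayed response: do not trust it
        if fresh.next_update is not None:
            self._entries[key] = fresh  # only cache when a validity window exists
        return fresh.status

def simulate(handshakes=12, window=timedelta(hours=4)):
    """Constructed scenario: one certificate checked once per hour."""
    seen = []                         # what the responder learns: (serial, time) pairs
    def responder(issuer_id, serial, now):
        seen.append((serial, now))
        return OcspStatus("good", now, None if window is None else now + window)
    cache = OcspCache(responder)
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)
    statuses = [cache.check("issuer-A", 0x1001, start + timedelta(hours=i))
                for i in range(handshakes)]
    return statuses, cache.network_requests, len(seen)

if __name__ == "__main__":
    print(simulate())                 # cached within a 4-hour validity window
    print(simulate(window=None))      # no nextUpdate: every check goes to the responder
```

Each entry in `seen` is one (certificate, time) observation available to the responder and to anyone watching an unencrypted connection, so the cache reduces both the request load and the amount of usage information disclosed.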
