PrepAway - Latest Free Exam Questions & Answers

Which of the following correctly describes a CRL and OCSP?

The CA is responsible for revoking certificates when necessary. Which of the following correctly describes a CRL and OCSP?


A. The CRL was developed as a more streamlined approach to OCSP.

B. OCSP is a protocol that submits revoked certificates to the CRL.

C. OCSP is a protocol developed specifically to check the CRL during a certificate validation process.

D. CRL carries out real-time validation of a certificate and reports to the OCSP.

Explanation:
C: The CA is responsible for creating and handing out certificates, maintaining them, and revoking them if necessary. Revocation is handled by the CA, and the revoked certificate information is stored on a certificate revocation list (CRL). This is a list of every certificate that has been revoked. This list is maintained and updated periodically. A certificate may be revoked because the key holder’s private key was compromised or because the CA discovered the certificate was issued to the wrong person. If the certificate becomes invalid for some reason, the CRL is the mechanism for the CA to let others know this information. The Online Certificate Status Protocol (OCSP) is being used more and more compared to the cumbersome CRL approach. When using just a CRL, the user’s browser must either check a central CRL to find out if the certificate has been revoked or the CA continually pushes out CRL values to the clients to ensure they have an updated CRL. If OCSP is implemented, it does this work automatically in the background. It carries out real-time validation of a certificate and reports back to the user whether the certificate is valid, invalid, or unknown.
A is incorrect because a certificate revocation list (CRL) is actually a cumbersome approach to managing and validating revoked certificates. The Online Certificate Status Protocol (OCSP) is increasingly being used to address this. OCSP does this work in the background, doing what the user’s Web browser would do when just using CRL. OCSP checks a central CRL to see if a certificate has been revoked.
B is incorrect because the Online Certificate Status Protocol (OCSP) does not submit revoked certificates to the certificate revocation list (CRL). The certificate authority (CA) is responsible for the creation, distribution, and maintenance of certificates. This includes revoking them when necessary and storing the information on a CRL.
D is incorrect because the Online Certificate Status Protocol (OCSP), not the certificate revocation list (CRL), carries out real-time validation of a certificate. In addition, the OCSP reports back to the user whether the certificate is valid, invalid, or unknown.

One Comment on “Which of the following correctly describes a CRL and OCSP?”

  1. Joe says:

    The CA is responsible for creating and handing out certificates, maintaining them, and revoking them if necessary. Revocation is handled by the CA, and the revoked certificate information is stored on a certificate revocation list (CRL).

    OCSP is a protocol developed specifically to check the CRL during a certificate validation process.



