A company is concerned that a compromised certificate may result in a man-in-the-middle attack against
backend financial servers. In order to minimize the amount of time a compromised certificate would be
accepted by other servers, the company decides to add another validation step to SSL/TLS connections. Which
of the following technologies provides the FASTEST revocation capability?
Online Certificate Status Protocol (OCSP)
Public Key Cryptography (PKI)
Certificate Revocation Lists (CRL)
Intermediate Certificate Authority (CA)
CRL (Certificate Revocation List) was first released to allow the CA to revoke certificates; however, due to
limitations with this method, it was succeeded by OCSP. The main advantage of OCSP is that, because the
client is allowed to query the status of a single certificate instead of having to download and parse an entire list,
there is much less overhead on the client and network.