← Cybersecurity Alphabet Soup

OCSP

Online Certificate Status Protocol

cryptomedium

OCSP lets a client ask a certificate authority in real time whether a specific certificate has been revoked, instead of downloading a full revocation list. OCSP stapling improves on this by letting the web server attach a fresh signed status to the TLS handshake, which is faster and avoids leaking browsing activity to the CA. It is a core part of how browsers decide whether to trust a certificate.

Sources

More in crypto