OCSP and TSA verification services
- The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of a digital certificate. It was created as an alternative to certificate revocation lists (CRLs), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI). OCSP returns a response about the status of a certificate, identifying it as 'good', 'revoked', 'on-hold' or 'unknown'.
- A Time Stamp Authority (TSA) service securely keeps track of the creation and modification time of a document. Security here means that no one, not even the owner of the document, can change the timestamp once it has been recorded, provided that the timestamper's integrity is never compromised. A timestamp is encoded information that identifies a certain event, giving a date and time to the document.
- OCSP advantages
  - An OCSP response contains less information than a CRL, so it does not overload the network.
  - An OCSP response has less data to parse than a CRL.
  - OCSP discloses that a particular network host used a particular certificate at a particular time.
  - OCSP does not encrypt data, so other parties can follow the flow of information.
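To make the last two points concrete, the following added example (not code from the original page) builds an unsigned OCSP request in the RFC 6960 layout and reads back the fields that an unencrypted request exposes on the wire: the issuer key hash and the certificate serial number. The issuer name, key bytes and serial are constructed sample values, and the function names are hypothetical.

```python
import hashlib

def tlv(tag: int, body: bytes) -> bytes:
    """DER-encode one element with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, body, next_pos) for the DER element at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

# AlgorithmIdentifier for SHA-1 (OID 1.3.14.3.2.26, NULL parameters)
SHA1_ALG = tlv(0x30, bytes.fromhex("06052b0e03021a0500"))

def build_ocsp_request(issuer_name: bytes, issuer_key: bytes, serial: int) -> bytes:
    """Unsigned RFC 6960 OCSPRequest for one certificate (non-negative serial)."""
    cert_id = tlv(0x30, SHA1_ALG
                  + tlv(0x04, hashlib.sha1(issuer_name).digest())
                  + tlv(0x04, hashlib.sha1(issuer_key).digest())
                  + tlv(0x02, serial.to_bytes(serial.bit_length() // 8 + 1, "big")))
    for _ in range(4):  # wrap: Request, requestList, TBSRequest, OCSPRequest
        cert_id = tlv(0x30, cert_id)
    return cert_id

def visible_cert_ids(request: bytes) -> list:
    """(issuer key hash, serial) pairs readable from the unencrypted request."""
    _, body, _ = read_tlv(request)       # OCSPRequest
    _, tbs, _ = read_tlv(body)           # TBSRequest
    tag, req_list, pos = read_tlv(tbs)
    while tag != 0x30:                   # skip optional [0] version, [1] requestorName
        tag, req_list, pos = read_tlv(tbs, pos)
    found, pos = [], 0
    while pos < len(req_list):
        _, req, pos = read_tlv(req_list, pos)   # Request
        _, cert_id, _ = read_tlv(req)           # CertID
        _, _, p = read_tlv(cert_id)             # hashAlgorithm
        _, _, p = read_tlv(cert_id, p)          # issuerNameHash
        _, key_hash, p = read_tlv(cert_id, p)   # issuerKeyHash
        _, serial, _ = read_tlv(cert_id, p)     # serialNumber
        found.append((key_hash.hex(), int.from_bytes(serial, "big")))
    return found

# Constructed sample values, not taken from any real CA or certificate.
SAMPLE = build_ocsp_request(b"CN=Example Issuing CA", b"constructed-issuer-key", 0x0A1B2C3D4E5F)
```

The constructed request is 73 bytes long, which also illustrates the small message size noted in the list above.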