Digital certificate status is provided by the certificate revocation list (CRL) and online certificate status protocol (OCSP). The CRL is a list of all certificates that have been revoked. If the serial number is not on the list it is assumed to be good. OCSP provides a response for all certificates. In layman’s terms, the response is either good or
At the IETF 86 meeting in Orlando last week, there was a working group meeting discussing the operations of the Web PKI. At the previous IETF 85 meeting a birds-of-a-feather was held to discuss the purpose of having such a group.