OCSP

• An OCSP response contains less data than a typical certificate revocation list ( CRL ), which reduces the load on network and client resources.
• Since the OCSP response contains less data for analysis and processing, client libraries for processing are less complex than those that handle CRLs .
• OCSP responds to a request that a specific network node uses a specific certificate in a certain period of time.
• This information is open, therefore, OCSP does not require encryption, so if other parties intercept this information, then it is safe. However, a possible spoofing response is a vulnerability.

1. Alyona and Boris are respondents; each has a public key certificate issued by a certificate authority ( CA ).
2. Alyona wants to complete a transaction with Boris and sends him her public key certificate.
3. Boris, worried that Alena’s private key was compromised, creates an “OCSP request” that contains Alice’s certificate serial number and sends it to CA.
4. The OCSP Service of the Certification Authority reads the certificate serial number from Boris’s request and searches for the status of Alyona’s certificate. A possible state that it finds in the CA Certificate Authority database is that the certificate has been revoked. In this case, the CA database is the only reliable source where a possible compromise with Alena's certificate will be found.
5. The OCSP Service of the Certification Authority confirms that Alena’s certificate is still in order and returns a signed, positive “OCSP response” to Boris.
6. Boris cryptographically verifies the signed CA Certificate Authority response. Boris stores the CA public key before this transaction, and uses the public key of the Certificate Authority to verify the authenticity of the response of the CA Certificate Authority .
7. Boris completes the transaction with Alena.

The OCSP responder (typically a Certificate Authority server) returns a signed response with the status of the certificate specified in the request: valid , revoked, or unknown status . If it cannot process the request, it may return an error code.

The OCSP request format supports additional extensions. This allows for additional configuration for a specific PKI scheme.

OCSP may be vulnerable to replay attacks - replay attacks where a signed, valid response is captured by a malicious intermediary and replayed to the client later after the subject certificate may have been revoked. OCSP allows you to include a one-time code in the request - nonce , which can be included in the corresponding response. Due to the high workload, most OCSP respondents do not use the nonce extension to create different responses for each request, instead using pre-signed responses with a validity period of several days. Thus, a re-attack poses a serious threat to validation systems.

OCSP can support more than one CA level. OCSP requests can be connected between peer-to-peer transponders to request an issuing CA that is suitable for the subject's certificate, with responders checking each other's responses to the root CA using their own OCSP requests.

The OCSP responder can request revocation information using delegated path verification (DPV) servers. OCSP alone does not fulfill the DPV of supplied certificates.

The key signing the response does not have to be the same key that signed the certificate. A certificate issuer may delegate to another authority to be an OCSP responder. In this case, the responder of the certificate (the one used to sign the response) must issue the certificate to the issuer in response to the request, a specific extension that indicates it as a signature of the OCSP service (more precisely, the extended use of the renewal key with identifiers:

  OID {iso (1) identified-organization (3) dod (6) internet (1) security (5) mechanisms (5) pkix (7) keyPurpose (3) ocspSigning (9)}) 

There are several open and proprietary OCSP implementations, including full-featured servers and libraries for creating custom applications. OCSP customer support is built into many operating systems, web browsers and other network software due to the growing popularity of HTTPS and WWW .

Server

• Boulder, ^[1] CA and OCSP Responder developed and used by Let's Encrypt ( Go )
• DogTag, ^[2] CA open source certification authority, CRL and OCSP responder.
• Ejbca, ^[3] CA and OCSP Responder ( Java )
• OpenXPKI, ^[4] CA and OCSP as an extension to the OpenXPKI configuration.
• XiPKI, ^[5] CA and OCSP responder. With support for RFC 6960 and SHA3 ( Java )

Proprietary software:

• CA Certificate Services and the OCSP Responder included with Windows Server ^[6] .

Libraries

• cfssl ( Go )
• OpenSSL ( C )
• wolfSSL ( C )

There is extensive OCSP support among most major browsers:

• Internet Explorer is built on CryptoAPI Windows, and thus, starting from version 7 on Windows Vista (but not Windows XP ) supports OCSP verification.

All versions of Mozilla Firefox support OCSP verification. Firefox 3 includes OCSP validation by default.

• Safari on macOS supports OCSP verification. It is enabled by default with Mac OS X 10.7 (Lion). Before that, it must be activated manually in the settings of the remote control.
• Versions of Opera from 8.0 to the current version support OCSP verification.

However, Google Chrome is an exception. Google turned off the default OCSP checks in 2012, citing latency and privacy issues, and instead uses its own update mechanism to send revoked certificates to the browser.

• Public Key Infrastructure: Operational Protocols in the Open Directory Project Link Directory (dmoz)
• RFC 2560, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
• RFC 4806, Online Certificate Status Protocol (OCSP) Extensions to IKEv2
• RFC 5019, The Lightweight Online Certificate Status Protocol (OCSP) Profile for High-Volume Environments
• RFC 6960, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
• Processor.com April, 2009 article about Online Certificate Status Protocol