The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet standards track.
It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI). Messages communicated via OCSP are encoded in ASN.1 and are usually communicated over HTTP. The “request/response” nature of these messages leads to OCSP servers being termed OCSP responders.
Some web browsers use OCSP to validate HTTPS certificates.
Comparison to CRLs
- Since an OCSP response contains less data than a typical certificate revocation list (CRL), it puts less burden on network and client resources.
- Since an OCSP response has less data to parse, the client-side libraries that handle it can be less complex than those that handle CRLs.
- OCSP discloses to the responder that a particular network host used a particular certificate at a particular time. OCSP does not mandate encryption, so other parties may intercept this information.
Protocol Details
An OCSP responder (a server typically run by the certificate issuer) may return a signed response signifying that the certificate specified in the request is ‘good’, ‘revoked’, or ‘unknown’. If it cannot process the request, it may return an error code.
The OCSP request format supports additional extensions. This enables extensive customization to a particular PKI scheme.
OCSP can be vulnerable to replay attacks, where a signed, ‘good’ response is captured by a malicious intermediary and replayed to the client at a later date after the subject certificate may have been revoked. OCSP allows a nonce to be included in the request that may be included in the corresponding response.
Because of high load, most OCSP responders do not use the nonce extension to create a different response for each request, instead using presigned responses with a validity period of multiple days. Thus, the replay attack is a major threat to validation systems.
OCSP can support more than one level of CA. OCSP requests may be chained between peer responders to query the issuing CA appropriate for the subject certificate, with responders validating each other’s responses against the root CA using their own OCSP requests.
An OCSP responder may be queried for revocation information by delegated path validation (DPV) servers. OCSP does not, by itself, perform any DPV of supplied certificates.