A company wants to ensure that the validity of publicly trusted certificates used by its web server can be determined even during an extended internet outage.
Which of the following should be implemented?
A. Recovery agent
B. OCSP
C. CRL
D. Key escrow
OCSP (Online Certificate Status Protocol) is a protocol that can be used to query a certificate authority about the revocation status of a given certificate. OCSP can prepackage a list of revoked certificates and distribute them through browser updates and can be checked if there is an Internet outage.
The answer should be C. (Certificate Revocation List)
A CRL is cached and is periodically updated, which meets the criteria for a server to validate certificates “even during an extended internet outage”.
OCSP (Online Certificate Status Protocol) requires active connectivity to validate certificates, which uses a large amount of network traffic. To circumvent the large amount of network traffic, there is such a thing as OCSP Stapling to cache the statuses of certificates, but the question makes no mention of OCSP Stapling. A certificate still needs to be validated during the OCSP Stapling process, which would still require network traffic to validate certificates.
My answer would go with CRL.
Agreed