An organization redesigns its network and discovers that external clients experience delays when validating digital credentials from the issuing authority. Which activity best reduces latency while also providing accurate checks?
Mandating reissue of the entire certificate chain on a weekly schedule
Re-signing the root key whenever delays occur in credential checks
Using stapled status responses within the handshake
Posting updated revocation lists through a web server at intervals
Stapled status responses, known as Online Certificate Status Protocol (OCSP) stapling, include a signed validation message within the handshake. This expedites the status check because clients do not have to reach back to the issuing authority in real time. Posting a CRL at intervals helps revoke credentials but can still slow validation for external clients; reissuing the entire chain on a set schedule is impractical; and regularly re-signing the root key is disruptive and presents greater administrative overhead.