One advantage of using OCSP vs CRLs for certificate validation?

• A. reduces latency between the time a certificate is revoked and validation reflects this status
• B. less complex to implement
• C. Higher availability for certificate validation
• D. supports longer certificate validity periods

Answer: (A)

Real-time revocation status is the key advantage OCSP brings to certificate validation. OCSP queries a CA’s online responder to check whether a specific certificate has been revoked, so the validation reflects the latest revocation status almost immediately after the CA revokes it. With CRLs, revocation information is published only at intervals; clients must download the latest CRL and search for the certificate’s serial number, which can create a delay between revocation and recognition in validation. This reduced latency means revoked certificates are prevented from being trusted sooner. Other aspects like implementation complexity, availability, or certificate validity periods aren’t inherent benefits of OCSP over CRLs. Availability depends on the responder’s uptime, and validity periods are dictated by policy, not the validation method.