High-reliability OCSP stapling and why it matters
Cloudflare has announced a new enhancement to its HTTPS service, High-Reliability OCSP stapling. The enhancement is aimed at enabling an important security feature on the web: certificate revocation checking. It also improves connection times by up to 30% in some cases. Digital certificates are the cornerstone of trust on the web. A digital certificate is like an identification card for a website: it contains identity information, including the website's hostname, along with a cryptographic public key. The private key associated with each public key is kept secret by the site owner. If someone gets access to a certificate's private key, they can impersonate the site. Private key compromise is a serious risk to trust on the web, and certificate revocation checking is a way to mitigate this risk.
Company
Cloudflare
Date published
July 10, 2017
Author(s)
Nick Sullivan
Word count
3204
Hacker News points
None found.
Language
English