High-reliability OCSP stapling and why it matters

Cloudflare has announced a new enhancement to its HTTPS service, High-Reliability OCSP stapling. The feature is aimed at enabling an important security feature on the web: certificate revocation checking. It also improves connection times by up to 30% in some cases. Digital certificates are the cornerstone of trust on the web and a digital certificate is like an identification card for a website, containing identity information including the website's hostname along with a cryptographic public key. The private key associated with each public key is kept secret by the site owner. If someone gets access to a certificate's private key, they can impersonate the site. Private key compromise is a serious risk to trust on the web. Certificate revocation checking is a way to mitigate this risk.