/plushcap/analysis/cloudflare/high-reliability-ocsp-stapling

High-reliability OCSP stapling and why it matters

What's this blog post about?

Cloudflare has announced a new enhancement to its HTTPS service, High-Reliability OCSP stapling. The feature is aimed at enabling an important security feature on the web: certificate revocation checking. It also improves connection times by up to 30% in some cases. Digital certificates are the cornerstone of trust on the web and a digital certificate is like an identification card for a website, containing identity information including the website's hostname along with a cryptographic public key. The private key associated with each public key is kept secret by the site owner. If someone gets access to a certificate's private key, they can impersonate the site. Private key compromise is a serious risk to trust on the web. Certificate revocation checking is a way to mitigate this risk.

Company
Cloudflare

Date published
July 10, 2017

Author(s)
Nick Sullivan

Word count
3204

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.