Which revocation checking method involves querying the issuer for the status of a single certificate?

Multiple Choice

Explanation:
The main idea is real-time, per-certificate revocation status. The Online Certificate Status Protocol is designed to check exactly that: it queries the issuing certificate authority for the status of a single certificate and gets an answer like good, revoked, or unknown. This makes revocation checking fast and specific for one certificate without needing to download large lists.

In contrast, a certificate revocation list is a published, signed bundle of all currently revoked certificates; you have to download the whole list and search it to see if a given certificate is included, which can be less timely and less scalable. A full chain check focuses on validating the entire certificate chain and may incorporate revocation checks, but it isn’t the mechanism that directly asks the issuer about one certificate’s status. Self-revocation isn’t a standard approach used in PKI ecosystems, since revocation is performed by the issuing CA, not by the certificate itself.
