OCSP (Online Certificate Status Protocol) is a new way to validate the revocation status of X.509 digital certificates. OCSP has superseded the previous protocol CRL (Certificate Revocation List) and improves upon some of its shortcomings.
A major limitation of CRL checking is that updates must be frequently downloaded in order to maintain a current list of valid X.509 certificates from the client. This in turn can put a burden on the client’s network and calling resources. OCSP responses contain less information than CRL checking, which in turn decreases the burden on the client network.
Symantec further improved OCSP performance by building a highly efficient and responsive OCSP infrastructure to ensure X.509 validity can be checked quickly and with minimal effort from the client. The result is that Symantec is the fastest in the industry in determining X.509 digital certificate status.
This is another example where Symantec is consistently working to improve the user experience while managing X.509 certificates within the demands of the modern Internet.