A security architect is deploying a public key infrastructure (PKI) and wants to ensure that certificate revocation status is verified efficiently without relying on a centralized CRL distribution point. Which technique should be used?
OCSP stapling caches and provides revocation status with the certificate.
Why this answer
OCSP stapling allows a TLS server to present a signed OCSP response from the CA, reducing load on the CA and providing timely revocation status.