Chapter 10 - Understanding Cryptography and PKI

Chapter 10 discusses the fundamentals of cryptography and Public Key Infrastructure (PKI), focusing on the various uses of cryptography such as confidentiality, authentication, and non-repudiation. It covers symmetric and asymmetric encryption methods, including key management, cryptographic algorithms like AES and RSA, and the importance of digital signatures and hash functions for data integrity. The chapter also addresses the strengths and weaknesses of different encryption technologies and the significance of key sizes in maintaining security.

Uploaded by

Tina Hernandez
Copyright © All Rights Reserved

Chapter 10

Understanding Cryptography and PKI


Successful Passing SY0-601
Uses of Cryptography
• Confidentiality (primary use)
• Viewable only by authorized users. Encryption protects the confidentiality of data
• Scrambles data to make it unreadable
• Encryption usually includes an algorithm and key
• Symmetric encryption – same key
• Asymmetric encryption – two keys (matched pair)
• Steganography – hiding data within other files
Uses of Cryptography (2)

Authentication
• Used to validate a sender is who he/she claims to be
• Enforced with digital signatures

Non-Repudiation
• Prevents a party from denying he/she took a specific action
• Enforced with digital signatures

Digital signature (Integrity)
• Provide authentication, non-repudiation, and integrity
• Users sign emails with a digital signature, which is a hash of an email message encrypted with the sender’s private key
• Only the sender’s public key can decrypt the hash, providing verification it was encrypted with the sender’s private key
Cryptographic Ciphers
Substitution cipher
• A substitution cipher involves replacing units (a letter or blocks of letters) in the plaintext with different ciphertext. Typical substitution ciphers rotate or scramble letters of the alphabet.
Transposition cipher
• In contrast to substitution ciphers, the units in a transposition cipher stay the same in plaintext and ciphertext, but their order is changed according to some mechanism.
Substitution and transposition ciphers are vulnerable to frequency analysis.
Mechanical cipher
• Substitution and transposition ciphers were often implemented using machines (a machine used during the Second World War was the Enigma machine).
Cryptographic Keys
• Cannot keep the cipher itself secret
• Key ensures ciphertext remains protected even when the operation of the cipher is known
• Key size determines how difficult it is for a computer to guess (brute force) the key
• Most ciphers use a key to increase the security of the encryption process. For example, if you consider the Caesar cipher rot13 described above, you should realize that the key is 13. You could use 17 to achieve a different ciphertext from the same method.
Possible Key Values
• An algorithm contains a keyspace, which is a range of values that can be used to construct a key. The key is made up of random values within
the keyspace range. The larger the keyspace, the more available values can be used to represent different keys, and the more random the keys
are, the harder it is for intruders to figure them out.
• A large keyspace allows for more possible keys. The encryption algorithm should use the entire keyspace and choose the values to make up
the keys as randomly as possible. If a smaller keyspace were used, there would be fewer values to choose from when forming a key. This
would increase an attacker’s chance of figuring out the key value and deciphering the protected information.
• A random number generator will generate random values evenly distributed across a full bit space of the key length. A poor random number
generator will tend to select certain values, or the process will choose only certain areas within the resulting keyspace, which reduces the
overall randomness of the process.
Key Lengths
• 40-bit key length = 2^40 = over 1,000,000,000,000 possibilities
• 64-bit key length = 2^64 = over 20,000,000,000,000,000,000
• 128-bit key length = 2^128 = over 340,000,000,000,000,000,000,000,000,000,000,000,000
• Longer keys require more processing power to break
• The key length should be chosen to provide the right level of protection while using an acceptable amount of resources

Keys
[Figure: bit strings illustrating keys drawn from a keyspace]

Encryption Technologies
• Security - the comparative strength of one cipher over another largely depends on the bit-strength of the key and the quality of the algorithm.
• Performance - some technologies require more processing and memory power, making them slower and unsuitable for mobile devices.
• Cost - many standards are open and royalty free; some are not
Cryptographic Hash Functions
Cryptographic hash functions (checksum)
• Hash functions based on block ciphers.
• Typically used to store passwords and ensure message integrity

Message-Digest algorithm 5 (MD5)


• Latest in a series of algorithms designed by Ron Rivest.
• Uses a 128-bit key.
• Many applications use MD5 to verify the integrity of files. (emails, files downloaded from the internet, and
executable files)
• Widely used hashing algorithm; at some point, you have probably seen MD5 hashes when downloading files.

Secure Hash Algorithm (SHA)


• One of several hash functions designed by the NSA and published by the NIST.
• Widely used in the United States government.
• SHA-0 128 bit key
• SHA-1 is the updated version that employs a 160-bit hash, which is reasonably secure, but uses a lot of resources.
• SHA-2 is more secure; uses SHA-224, SHA-256-bit, SHA-384 and SHA-512-bit block sizes.
• SHA-3 is the name of the replacement for SHA-2. It was created differently, so it is resistant to the most common attacks against hashing.
Hashing
• RIPEMD - RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
• Was designed as an alternative to MD5 and SHA.
• RIPEMD-160 offers similar performance and encryption strength to SHA-1.
• HMAC
• A Message Authentication Code (MAC) is a means of proving the integrity and authenticity of a message.
• To produce a MAC rather than a simple digest, the message is combined with a secret key. The secret key should be known only to sender and recipient and cannot be recovered from the MAC (the function is one-way). In theory, only the sender and recipient should be able to obtain the same MAC and so prove the message's origin and that it has not been tampered with.
• A Hash-based Message Authentication Code (HMAC) is a particular means of generating a MAC, using the MD5 (HMAC-MD5), SHA-1 (HMAC-SHA1), or SHA-2 (HMAC-SHA2) algorithm.
Using HMAC
Modification of message and hash
• If an attacker can change a message, why can't the attacker change the hash, too?
• The attacker can re-calculate the hash on the modified message and replace the original hash with the modified hash. Here’s the result:
• Hash created on Lisa’s computer: D9B93C99B62646ABD06C887039053F56
• Modified hash inserted by attacker after modifying the message: 564294439e1617f5628a3e3eb75643FE
• Hash created for modified message on Bart’s computer: 564294439e1617f5628a3e3eb75643FE
• After Lisa applies the HMAC secret key: 733C70A54A13744D5C2C9C4BA3B15034
• Attacker won't have access to the secret key, so he will not be able to recalculate the hash
• HMAC-MD5 hash created on Lisa’s computer: 733C70A54A13744D5C2C9C4BA3B15034
• HMAC-MD5 hash created on Bart’s computer: 733C70A54A13744D5C2C9C4BA3B15034
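
The Lisa and Bart exchange above, as an added example that is not part of the original slides: a plain hash survives tampering because anyone can recompute it, while an HMAC tag cannot be recomputed without the shared key. The key and messages are constructed sample values; MD5 is used only to mirror the slide, and `hashlib.sha256` can be passed to `hmac.new` in the same way.

```python
import hashlib
import hmac

# Constructed sample values (assumptions for this example).
SHARED_KEY = b"constructed-demo-key-known-only-to-lisa-and-bart"
ORIGINAL = b"The price is $75."
TAMPERED = b"The price is $.75."


def md5_hex(message: bytes) -> str:
    """Unkeyed MD5 digest: anyone who sees the message can recompute it."""
    return hashlib.md5(message).hexdigest()


def hmac_md5_hex(key: bytes, message: bytes) -> str:
    """HMAC-MD5 tag: computing it requires the shared secret key."""
    return hmac.new(key, message, hashlib.md5).hexdigest()


def verify_plain(message: bytes, received_hash: str) -> bool:
    """Bart's check when only a plain hash travels with the message."""
    return hmac.compare_digest(md5_hex(message), received_hash)


def verify_hmac(key: bytes, message: bytes, received_tag: str) -> bool:
    """Bart's check when an HMAC tag travels with the message.
    compare_digest avoids leaking the match position through timing."""
    return hmac.compare_digest(hmac_md5_hex(key, message), received_tag)


def tamper_with_plain_hash() -> bool:
    """Message and hash are both replaced in transit.
    Returns what Bart's integrity check reports."""
    forged_hash = md5_hex(TAMPERED)          # recomputed without any secret
    return verify_plain(TAMPERED, forged_hash)


def tamper_with_hmac() -> list:
    """Same tampering against HMAC. Without the key, the only tags available
    to substitute are the old tag or an unkeyed hash; both fail."""
    lisa_tag = hmac_md5_hex(SHARED_KEY, ORIGINAL)
    return [
        verify_hmac(SHARED_KEY, TAMPERED, lisa_tag),
        verify_hmac(SHARED_KEY, TAMPERED, md5_hex(TAMPERED)),
    ]


def untouched_message_verifies() -> bool:
    """The unmodified message with Lisa's tag still verifies for Bart."""
    return verify_hmac(SHARED_KEY, ORIGINAL, hmac_md5_hex(SHARED_KEY, ORIGINAL))


if __name__ == "__main__":
    print("plain hash accepts tampered message:", tamper_with_plain_hash())
    print("HMAC accepts tampered message:", tamper_with_hmac())
    print("HMAC accepts original message:", untouched_message_verifies())
```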
Symmetric Encryption
• The same secret key is used for encryption and decryption
• Problem storing and distributing key securely
• Symmetric encryption uses a single cryptographic key to both encrypt and decrypt data.
• This key, often called a shared key, must be kept private among only those parties who should have access to the protected data, because anyone with the key can decrypt the data. Symmetric encryption can be fast and effective, but provides only confidentiality, not integrity or authentication.
• Block cipher
• Split plaintext into equal-size blocks (usually 64 or 128)
• 1200-bit text would be 10 x 128 and padded with an extra 80 bits
• Subject to rounds of transpositions and substitutions
• Stream cipher
• Encrypted 1 bit or byte at a time
• More common with audio and video
• Use substitution so offers less robust protection
• Plaintext combined with a random keystream and Initialization Vector (IV)
Symmetric Key Algorithms
• Encryption Algorithm and Key (cont’d)
• Data Encryption Standard (DES)
• Uses 56-bit keys, considered small by today’s standards
• Susceptible to brute force attacks
• 3DES
• Use 2 or 3 keys instead of a single key like DES
• Encrypts data 3 times with DES
• Keys: 56, 112, 168
• Stacks algorithms – plaintext is encrypted with DES, then the first ciphertext is encrypted with a different key, then the second ciphertext is encrypted with the third key
• Consumes large amounts of resources
Symmetric Key Algorithms
• Blowfish
• Secure and fast
• Key sizes – 32 to 448 bits
• Block size 64
• Can be faster than AES (due to block size)
• Twofish
• A block cipher that was entered into the AES competition
• Block size 128
• Key sizes up to 128, 192, 256
Symmetric Key Algorithms
• Encryption Algorithm and Key (cont’d)
• Advanced Encryption Standard (AES and AES256)
• A mathematical algorithm using 128, 192 or 256, 512 bits
• Currently considered the strongest algorithm
• Successor to 3DES
• Uses less resources than DES and 3DES
• Very fast, requiring only one pass to encrypt the data
• Used widely to include smart cards, smart phones and USB flash drives
Symmetric Key Algorithms
• Rivest Cipher (RC)
• There are multiple RC versions, most of which are not related aside from the fact that
they are all encryption algorithms.
• RC4- STREAM ONLY
• Widely used stream cipher in protocols such as SSL, TLS and WEP; known for
speed and simplicity.
• RC6
• A block cipher that was entered into the AES competition and was one of the five
finalists.
• Though it was not selected, it is a patented algorithm that is offered by RSA
Security as an alternative to AES.
Asymmetric Key Algorithms
• Asymmetric Encryption
• Uses two keys: a public key and a private key
• The private key is kept confidential and protected by key owner, used to decrypt
• The public key is distributed to others, used to encrypt data
• Both keys are created as a matched pair
• Both keys can encrypt and decrypt data
• Also referred to as:
• Public-key encryption
• Public/private-key encryption
• Public Key Infrastructure (PKI) encryption
• Secret private key
Asymmetric Key Algorithms
• RSA
• RSA is one of the most popular algorithms used for public key cryptography, and it is very secure.
• It was developed by computer scientists Rivest, Shamir, and Adleman in 1978 and is used by government
agencies, large corporations, and in a number of hardware devices and software applications that provide
public key cryptography capabilities. It relies on the inherent difficulty of finding a number’s prime
factorization.
• In this system, the public key is the product of two very large prime numbers. Use large prime numbers (1024
– 2048 bits) to create keys
• The private key – the two prime numbers – must then be kept secret, as in other public key cryptographic
schemes.
• Because there is no short cut to finding the prime factorization of the public key – the only way is to try all
the possibilities – the private key is safe from being computed in a practical amount of time, if it’s big enough.
• A 1024-bit RSA key would take 3 million years to crack
• Protects credit cards on the Internet
Asymmetric Algorithms
• RSA
• Developed by Ron Rivest, Adi Shamir and Leonard Adleman
• Digital signatures, key distribution, encryption
• Difficulty of factoring large numbers
• Key sizes: 512, 1024, 2048, 4096, 8192
• El Gamal
• Digital signatures, encryption, and key exchange
• Based on calculating discrete logarithms in a finite field
• Used by NIST in its DSA
• Elliptic Curve Cryptography (ECC)
• Digital signatures, key distribution, encryption
• More efficient than other algorithms
• Used in devices with limited processing power
• Does not require longer key to provide higher protection
Digital Signatures
• Integrity, authentication, non-repudiation
• Alice creates a digest of the data using a pre-agreed
algorithm and then encrypts the digest using her private
key
• The signature is attached to the document and delivered
• Bob decrypts the signature using Alice's public key,
resulting in the original digest
• Bob then calculates his own message digest of the
document and compares it with Alice's digest
• If the two digests are the same, then the data has not
been tampered with during transmission, and Alice's
identity is guaranteed
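
The sign-and-verify steps above, carried out with textbook RSA as an added example (not from the original slides). The key is built from two Mersenne primes chosen here for convenience and no padding is applied; both are assumptions of the demo, and real signatures use a padded scheme such as RSA-PSS from a vetted library with randomly generated primes.

```python
import hashlib

# Constructed demo key pair for Alice. The primes have a special form that
# makes the modulus easy to factor, so this key only illustrates the data flow.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)

DOCUMENT = b"Pay Bob 100 credits."         # constructed sample document


def digest_int(document: bytes) -> int:
    """The pre-agreed digest algorithm (SHA-256 here) as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Alice: hash the document, then apply her PRIVATE key to the digest."""
    return pow(digest_int(document), d, n)


def recover_digest(signature: int, e: int = E, n: int = N) -> int:
    """Bob: apply Alice's PUBLIC key to the signature to get her digest."""
    return pow(signature, e, n)


def verify(document: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Bob: compare Alice's digest with the digest he computes himself."""
    return recover_digest(signature, e, n) == digest_int(document)


def demo():
    signature = sign(DOCUMENT)
    genuine = verify(DOCUMENT, signature)
    # Any change to the document changes Bob's digest, so the check fails.
    altered = verify(b"Pay Bob 900 credits.", signature)
    # A signature made with some other private key does not verify under
    # Alice's public key, which is what ties the signature to Alice.
    other_n = (2**127 - 1) * P
    other_d = pow(E, -1, (2**127 - 2) * (P - 1))
    wrong_signer = verify(DOCUMENT, sign(DOCUMENT, other_d, other_n))
    return genuine, altered, wrong_signer


if __name__ == "__main__":
    print(demo())
```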

Digital Envelopes
• Alice encrypts the message using a secret-key cipher such as AES or Blowfish
• The secret key itself is encrypted using public key cryptography (Bob’s public key), then attached to the encrypted message and sent to Bob. In this context, the secret key is often referred to as a session key
• Bob uses his private key to decrypt the secret key
• Bob uses the secret key to decrypt the message

Asymmetric Encryption Algorithms

Action | Whose key to use | Which key to use | Explanation
Bob wants to send Alice an encrypted message | Alice’s key | Public key | When an encrypted message is to be sent, the recipient’s key is used and not the sender’s keys
Alice wants to read an encrypted message sent by Bob | Alice’s key | Private key | An encrypted message can only be read by using the recipient’s private key
Bob wants to send a copy to himself of the encrypted message that he sent to Alice | Bob’s key | Public key to encrypt, private key to decrypt | An encrypted message can only be read by the recipient’s private key; Bob would need to encrypt it with his own public key and then use his private key to decrypt it
Asymmetric Encryption Algorithms

Action | Whose key to use | Which key to use | Explanation
Bob receives an encrypted reply message from Alice | Bob’s key | Private key | The recipient’s private key is used to decrypt received messages
Bob wants Susan to read Alice’s reply message that he received | Susan’s key | Public key | The message should be encrypted with Susan's key for her to decrypt and read it with her private key
Bob wants to send Alice a message with a digital signature | Bob’s key | Private key | Bob’s private key is used to encrypt the hash
Alice wants to see Bob’s digital signature | Bob’s key | Public key | Because Bob’s public and private keys work in both directions, Alice can use his public key to decrypt the hash
Asymmetric Encryption Algorithms
Diffie-Hellman
• Diffie Hellman was the first key exchange protocol.
• It allows for two parties, without any prior knowledge of each other, to exchange keys securely over an insecure channel.
• Does not provide data encryption or digital signatures
• However, because the protocol is not authenticated, it is susceptible to a number of attacks, including man-in-the-middle.
• In this attack, someone replaces a legitimate key with his own.
• If someone then uses the attacker’s key to encrypt a message, the attacker will be able to read it.
• If the attacker can replace the public keys of two or more of the communicants, he can effectively read all
communications without anyone knowing he is doing so.
• By adding authentication to Diffie Hellman, it becomes a very secure protocol, and it is used as the foundation for a
number of other cryptographic protocols.
• EDH – Ephemeral Diffie Hellman – a temporary key is used in the key exchange instead of reusing the same key over and over; used to create PFS (perfect forward secrecy)

Asymmetric Encryption Algorithms
Diffie-Hellman
• Diffie-Hellman Versions
• EDH – Ephemeral Diffie Hellman – a temporary key is used in the key exchange instead of reusing the same key over and over; used to create PFS (perfect forward secrecy), or may be referred to as DHE – use ephemeral keys, generating different keys for each session
• ECDHE – uses ephemeral keys generated using ECC
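
The Diffie-Hellman points above, as an added example that is not part of the original slides: an ephemeral exchange in which both sides derive the same session key, the effect of substituted public values when nothing authenticates them, and the same substitution being rejected once the public values are authenticated. The group (a Mersenne prime with generator 3) and the pre-shared authentication key are assumptions of this demo; TLS authenticates the exchange with a certificate-backed signature instead.

```python
import hashlib
import hmac
import secrets

# Constructed toy group, for illustration only. Real deployments use
# standardized groups or elliptic curves (ECDHE).
P = 2**521 - 1
G = 3
NBYTES = 66  # enough bytes to hold any value below P


def ephemeral_keypair():
    """Fresh private exponent and public value, used for one session only."""
    private = secrets.randbelow(P - 3) + 2          # in [2, P - 2]
    return private, pow(G, private, P)


def session_key(my_private: int, their_public: int) -> bytes:
    """Derive the symmetric session key from the peer's public value."""
    if not 1 < their_public < P - 1:
        raise ValueError("peer public value out of range")
    shared = pow(their_public, my_private, P)
    return hashlib.sha256(shared.to_bytes(NBYTES, "big")).digest()


def tag_public(auth_key: bytes, public: int) -> bytes:
    """Authenticate a public value with a pre-shared key (assumption)."""
    return hmac.new(auth_key, public.to_bytes(NBYTES, "big"), hashlib.sha256).digest()


def accept_public(auth_key: bytes, public: int, tag: bytes) -> bool:
    return hmac.compare_digest(tag_public(auth_key, public), tag)


def honest_exchange():
    """Alice and Bob swap public values and end up with the same key."""
    a_priv, a_pub = ephemeral_keypair()
    b_priv, b_pub = ephemeral_keypair()
    return session_key(a_priv, b_pub), session_key(b_priv, a_pub)


def substituted_exchange():
    """Unauthenticated DH with both public values replaced in transit."""
    a_priv, a_pub = ephemeral_keypair()
    b_priv, _ = ephemeral_keypair()
    m_priv, m_pub = ephemeral_keypair()             # intruder's own key pair
    alice_key = session_key(a_priv, m_pub)          # Alice believes this is Bob
    bob_key = session_key(b_priv, m_pub)            # Bob believes this is Alice
    intruder_key_with_alice = session_key(m_priv, a_pub)
    return alice_key, bob_key, intruder_key_with_alice


def authenticated_exchange():
    """With authentication, a swapped public value fails the tag check
    before any session key is derived from it."""
    auth_key = secrets.token_bytes(32)              # known to Alice and Bob only
    _, b_pub = ephemeral_keypair()
    _, m_pub = ephemeral_keypair()
    b_tag = tag_public(auth_key, b_pub)             # Bob sends (b_pub, b_tag)
    genuine_ok = accept_public(auth_key, b_pub, b_tag)
    substituted_ok = accept_public(auth_key, m_pub, b_tag)
    return genuine_ok, substituted_ok


if __name__ == "__main__":
    k1, k2 = honest_exchange()
    print("same key on both sides:", k1 == k2)
    print("new key every session:", honest_exchange()[0] != k1)
    a, b, m = substituted_exchange()
    print("substitution undetected, intruder shares Alice's key:", a == m, a != b)
    print("authenticated exchange (genuine, substituted):", authenticated_exchange())
```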
Asymmetric Encryption Algorithms
• Secure Sockets Layer (SSL)
• Commonly used to encrypt web HTTP traffic
• Uses both asymmetric and symmetric encryption
• Asymmetric encryption used to securely share the session key
• Symmetric encryption used to encrypt the session data
• Operates at the Session layer of the OSI Model
Asymmetric Encryption Algorithms
• Transport Layer Security (TLS)
• Designed as a replacement for SSL
• Uses both asymmetric and symmetric encryption
• Asymmetric encryption used to securely share the session key
• Symmetric encryption used to encrypt the session data
• Shares private keys using Diffie-Hellman algorithm
• Operates on the Transport layer of the OSI Model
Transport Encryption
• Encrypting data sent over network
• SSH
• HTTPS
• IPsec
• SSL / TLS
• In-band versus out-of-band key exchange
• In-band over network (public keys) – two parties share an encryption key in the same communication channel as the encrypted data
• Out-of-band (cannot trust network / secret keys) – two parties share the same symmetric key in one communication channel and then exchange the encrypted data in a separate communication channel.
Cryptographic Attacks (2)
• Mathematical attacks
• Weaknesses in the cipher
• Weaknesses in the key space
• Weaknesses in the implementation (software)
• Man-in-the-Middle and Replay
• Inadequate authentication (secure keys with certificates)
• Replay attacks
• Inadequate session control / timestamping (prevent by using once-only session tokens or timestamp sessions)
• Attacker captures some type of data and resubmits it with the hopes of fooling the receiving device into
thinking it is legitimate information
• Side channel
• Monitor power consumption, timing, etc. obtain a physical copy of the crypto system or extreme monitoring
software installed. (studying physical properties of the crypto system)
• Attacker observes how system works through different behaviors
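
The replay countermeasure named above (once-only session tokens plus timestamps), as an added example that is not part of the original slides. The message layout, the 30-second window and all names are assumptions of this sketch; the MAC binds the token and timestamp to the body so that neither can be swapped on a captured message.

```python
import hashlib
import hmac
import secrets

MAX_AGE_SECONDS = 30  # assumed acceptance window for timestamps


def _tag(key: bytes, body: bytes, nonce: str, ts: int) -> str:
    header = f"{ts}|{nonce}|".encode()
    return hmac.new(key, header + body, hashlib.sha256).hexdigest()


def make_message(key: bytes, body: bytes, now: float) -> dict:
    """Sender: attach a once-only token, a timestamp and a MAC over all three."""
    nonce = secrets.token_hex(16)
    ts = int(now)
    return {"body": body, "nonce": nonce, "ts": ts, "tag": _tag(key, body, nonce, ts)}


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp of tokens already accepted

    def accept(self, msg: dict, now: float) -> str:
        expected = _tag(self.key, msg["body"], msg["nonce"], msg["ts"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"
        if abs(now - msg["ts"]) > MAX_AGE_SECONDS:
            return "rejected: stale timestamp"
        if msg["nonce"] in self.seen:
            return "rejected: replayed token"
        # Tokens older than the window would fail the timestamp check anyway,
        # so they can be forgotten; this keeps the token memory bounded.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_AGE_SECONDS}
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"


def demo():
    key = secrets.token_bytes(32)
    receiver = Receiver(key)
    msg = make_message(key, b"transfer 10 to bob", now=1000)  # constructed input
    first = receiver.accept(msg, now=1001)
    replay = receiver.accept(msg, now=1002)           # captured and resubmitted
    restarted = Receiver(key)                         # token memory lost
    late_replay = restarted.accept(msg, now=1000 + MAX_AGE_SECONDS + 1)
    altered = dict(msg, body=b"transfer 1000 to bob")
    return first, replay, late_replay, receiver.accept(altered, now=1001)


if __name__ == "__main__":
    print(demo())
```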
Cryptographic Attacks (2)
• Cipher-only attack - attacker has ciphertext of several messages
• Known-plaintext attack - attacker has plaintext and corresponding ciphertext
• Chosen-Plaintext attack - attacker has the plaintext and ciphertext but can choose the plaintext that gets encrypted to see the corresponding ciphertext.
• Chosen-Ciphertext attack - attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext.
• Differential Cryptanalysis - attack looks at ciphertext pairs generated by encryption of
plaintext pairs with specific differences and analyzes the effect and result of those
differences.
• Linear Cryptanalysis – attacker carries out a known-plaintext attack on several different
messages encrypted with the same key.
Cryptography Terms

Term | Definition
Encryption | A process that converts readable information (plaintext) into unreadable information (ciphertext).
Decryption | The process that converts ciphertext into plaintext.
Cryptosystem | The components for encryption/decryption. Cryptosystems may include hardware, software, protocols, algorithms and keys.
Cipher | Aka algorithm, mathematical and logical rules to encrypt.
Plaintext | A message in its natural format readable by anyone.
Ciphertext | Messages unreadable to anyone other than intended recipient.
Decipher | Transforming encrypted information into a readable form.
Key | Aka cryptovariable, the sequence of bits that make ciphertext unreadable.
Keyspace | The number of key values in a cryptographic algorithm. Keyspace is calculated as 2^n, where n is the number of bits in the key.
Work Factor | The amount of resources (time or effort) required to crack an encryption algorithm (typically proportional to keyspace).
More Cryptographic Concepts / Terms

Term | Definition
Stream Cipher | For symmetric cryptography encrypting one bit at a time.
Block Cipher | For symmetric cryptography, where messages are encrypted by blocks and the ciphertext output is a block of the same size.
Collision | Where two hashes have the same value.
Hybrid Cryptography | Combines asymmetric and symmetric cryptography. Asymmetric cryptography authenticates, then symmetric keys are used as session keys.
Session Key | A unique key generated one time for an individual session.
Avalanche | Where changing a single bit in the plaintext will change 50 percent of the bits in the resulting ciphertext.
Cryptanalysis Attacks

Attack | Characteristics
Replay Attack | Capturing sessions and repeating transmissions.
Ciphertext Only | Attack attempts to crack key using ciphertext only.
Known Plaintext | Plaintext is known and attacker uses cryptanalysis to decipher key.
Chosen Plaintext | Chosen plaintext is known and attacker uses cryptanalysis to decipher key.
Chosen Ciphertext | Attacker attempts to decrypt known ciphertext.
Frequency Analysis | If inadequate confusion or diffusion, attacker can analyze the frequency of encrypted characters to determine their value.
Mathematical attacks | Weaknesses in the cipher, weaknesses in the keyspace, weaknesses in the implementation (software)
Man-in-the-Middle | Inadequate authentication (secure keys with certificates)
Replay attacks | Inadequate session control / timestamping (prevent by using once-only session tokens or timestamp sessions)
Side channel | Monitor power consumption, timing, etc. obtain a physical copy of the crypto system or extreme monitoring software installed. (studying physical properties of the crypto system)
Implement Certificates and Certificate Authorities
PKI
[Diagram: a hierarchy of CAs, with a CA issuing user certificates; components shown: Certificates, Software, Services, Other Cryptographic Components]
• Public Key Infrastructure (PKI)
• An entire system of hardware and software, policies and procedures, and people.
• Used to create, distribute, manage, store, and revoke digital certificates.
• Secures e-commerce sessions, email transmissions, and connections to remote computers and remote networks.
• Includes users, client computers, servers, services, and most of all, encryption.
• An example of public key usage would be a certificate obtained by a web browser during an encrypted session with an e-commerce website.
• An example of private key usage would be when a user needs to encrypt the digital signature of a private email.
What Makes Up a PKI
• CA
• RA
• Certificate Repository
• Certificate Revocation System (CRL)
• Key Backup and Recovery System (KRA)
• Automatic Key Update (OCSP)
• Time Stamping
• Client-side Software
[Diagram labels: Certificate, CA, RA, Certificate Database, Certificate Management System]
Certificate Authorities
• The certificate authority is responsible for the generation and publication of certificates to be used within the PKI.
• To act as a trusted third party, the CA signs the generated certificate using its private key.
• The CA can then be used to verify the authenticity of an entity’s public key as well as to tie the public key to the
entity’s identity.
• A single certificate can contain multiple signatures. Multiple individuals might sign the key/identification pair to
declare to their own assurance that the public key definitely belongs to the specified owner.
• Third party/public certificate authorities such as VeriSign and Thawte are trusted worldwide and their
certificates are installed by browser vendors such as Microsoft and Google.
• Private certificate authorities such as the Department of Defense create their own certificates to save money
and to have more control over certificates. Their certificates are pushed out to their users using group policy,
although their certificates can be manually imported by other users.
• Usually public and even private certificate authorities are arranged in a hierarchy where the root CA authorizes
subordinate certificate authorities that issue certificates. The chain of trust/root of trust concept allows for this
delegation of certificate responsibilities from the root CA to the subordinate CAs.
Registration Authority (RA)
• A registration authority acts as an intermediary between PKI clients and the CA.
• Its role is to receive requests from the client, validate them, and, if validated, send the
request to the CA.
• The CA then sends the response to the RA who forwards it to the client.
• The RA has no real power within the PKI and simply acts to help scale the infrastructure
by handling processing for the CA.
Understanding a Certificate
• A certificate
• A file used for a variety of security purposes
• Includes:
• Who it was issued to
• Who issued it
• Its purpose(s)
• Validity dates (including an expiration date)
• Its unique serial number
• Public key
Digital Certificates
• Contains information about the subject and the certificate’s issuer.
• Based on x.509 standard – which defines the fields that must be present in the certificate.
• Uses DER (Digital Encoding Rule)
Certificate Fields

Field | Usage
Version | The X.509 version supported (V1, V2, or V3).
Serial Number | A number uniquely identifying the certificate within the domain of its CA.
Signature Algorithm | The algorithm used by the CA to sign the certificate.
Issuer | The name of the CA, expressed as a Distinguished Name (DN).
Valid From / To | Date and time during which the certificate is valid.
Subject | The name of the certificate holder, expressed as a Distinguished Name (DN).
Public Key | Public key and algorithm used by the certificate holder.
Extensions | V3 certificates can be defined with extended attributes, such as friendly subject or issuer names, contact email addresses, and intended key usage.
Certificate Extensions
• Wildcard certificates
• *.widget.com
• Covers the whole domain
• Extensions
• Defines the purpose for which a certificate was issued
• Uses versions of x.509 format
• Extra info about certificate can be added
Implement PKI Management
Key Management
• Key lifecycle
• Key Generation - creating a secure key of the required strength, using the chosen cipher
• Certificate Generation - to allocate a key to a user it is typically embedded in a digital certificate
• Distribution - making the key (or certificate) available to the user
• Storage - the user must take steps to store the key securely, ensuring that unauthorized access and use is prevented (HSM)
• Revocation - if a key is compromised, it can be revoked before it expires
• Expiration - a key that has not been revoked expires after a certain period
• Centralized - one administrator controls process
• Decentralized – each user is responsible for his or her keys
The Certificate Enrollment Process (CSR - Certificate Signing Request)
1 Certificate request
2 Authentication
3 Policy applied
4 Request sent to CA
5 Certificate issued
6 Entity notified
7 Certificate installed

The Certificate Life Cycle
1 Root issues self-signed certificate
2 Certificates are enrolled
3a Certificate is renewed
3b Certificate is revoked
3c Certificate expires
3d Certificate is suspended

Longer life cycles give attackers advantage
Shorter life cycles allow for renewal of more secure certificates
Certificate Policies
• SSL Web Server – guarantee e-commerce or information gathering websites (DV and EV)
• Code Signing – Validity of a software application or browser plug-in
• Registered Domain – prove the ownership of a domain
• Personal email – secure personal email and file transfer
• Some certificates may require higher level authentication (High Assurance SSL)
Creating Keys
• Key pairs
• Multiple key pairs
• The same key used to sign a document (authentication and non-repudiation) should not be used to encrypt documents (confidentiality)
• Storing and distributing keys
• Hardware Security Module (HSM/typically removable media)
• Trusted Platform Module (TPM/chip in a PC or laptop to generate and store private keys)
• N of M control
• Number of administrators that are permitted to access the system
Key Recovery Agents (KRA)
• Keys can be backed up to protect against data loss
• Anyone with access to backup keys could impersonate the true key holder
• Key recovery processes (e.g. M of N control) make this difficult
• Escrow – placing archived keys with a trusted third party
Private Key Replacement Process
1. Recover key
2. Decrypt data
3. Destroy original key
4. Obtain new key pair
5. Encrypt data with new key
[Diagram labels: Original Key, Replacement Key]
Key Status and Revocation
• A CA can use any of the following reasons to revoke a certificate
• Key compromise
• CA compromise
• Change of affiliation
• Cease of operation
• Certificate hold
• Revocation versus suspension
• Renewal
• Expiration
Key Status and Revocation
• Certificate Revocation List (CRL)
• Distribution Point – where CRLs are published
• Validity – how long it is considered authoritative
• Online Certificate Status Protocol (OCSP)
• The online certificate status protocol, or OCSP, is an alternative to a CRL.
• Instead of periodically downloading a list of revoked certificates, the PKI client queries the CA about the revocation status of a certificate.
• This method has a number of advantages and disadvantages over CRLs.
• One advantage is that revoked certificates are immediately unused by OCSP clients. With CRL, the revoked certificate may be used until the cache is refreshed.
• A disadvantage of OCSP is that the client must always be online in order to query the CA.
