Tag: Question 0710

Systems Security Certified Practitioner – SSCP – Question0710

Which is NOT a suitable method for distributing certificate revocation information?

A. CA revocation mailing list
B. Delta CRL
C. OCSP (online certificate status protocol)
D. Distribution point CRL

Correct Answer: A

Explanation:

The following are incorrect answers because they are all suitable methods.
A Delta CRL is a CRL that only provides information about certificates whose statuses have changed since the issuance of a specific, previously issued CRL.
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate.
A Distribution point CRL or CRL Distribution Point, a location specified in the CRL Distribution Point (CRL DP) X.509, version 3, certificate extension when the certificate is issued.
References: RFC 2459: Internet X.509 Public Key Infrastru http://csrc.nist.gov/groups/ST/crypto_apps_infra/documents/sliding_… http://www.ipswitch.eu/online_certificate_status_protocol_en.html Computer Security Handbook By Seymour Bosworth, Arthur E. Hutt, Michel E. Kabay http://books.google.com/books?id=rCx5OfSFUPkC&printsec=frontcover&d…