• OCSP
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Solar thermal - MicroCSP
1 MicroCSP references solar thermal technologies in which concentrating
solar power (CSP) collectors are based on the designs used in
traditional Concentrating Solar Power systems found in the Mojave Desert
but are smaller in collector size, lighter and operate at lower thermal temperatures usually below 315 °C
(600 °F)https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Solar thermal - MicroCSP
1 MicroCSP is used for community-sized power plants (1MW to 50MW),
for industrial, agricultural and manufacturing 'process heat' applications, and when large
amounts of hot water are needed, such as resort swimming pools, water
parks, large laundry facilities, sterilization, distillation and other
such uses.https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
OCSP stapling
1 'OCSP stapling', formally known as the TLS 'Certificate Status Request'
extension, is an alternative approach to the Online Certificate Status Protocol (OCSP) for checking the revocation
status of X.509 digital certificates. It allows the presenter of a certificate to
bear the resource cost involved in providing OCSP responses, instead of the
issuing certificate authority (CA).
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
OCSP stapling - Motivation
1 When the certificate is issued to a legitimate high traffic web site, for
instance, this can result in enormous volumes of OCSP request traffic, all of which serves to indicate that the
certificate is valid and can be trusted.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
OCSP stapling - Motivation
1 OCSP checking also creates a privacy impairment, since it requires the
client to contact a third party (the CA) to confirm certificate validity. A
way to verify validity without disclosing browsing behavior would
be desirable for some groups of users.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
OCSP stapling - Solution
1 Also, an invalid stapled response (or no stapled response) will just cause
the client to ask the OCSP server directly
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
OCSP stapling - Solution
1 As a result, clients continue to have verifiable assurance from the certificate authority that the certificate is presently
valid (or was quite recently), but no longer need to individually contact the OCSP
server. This means that the brunt of the resource burden is now placed back on the certificate holder. It also means that the
client software no longer needs to disclose users' browsing habits to any third party.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
OCSP stapling - Solution
1 Overall performance is also improved: When the client fetches the OCSP
response directly from the CA, it usually involves the lookup of the domain name
of the CA's OCSP server in the DNS as well as establishing a connection to the OCSP server. When OCSP stapling is used, the certificate status information is delivered
to the client through the established channel, which improves performance.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
OCSP stapling - Specification
1 Hallam-Baker, [https://tools.ietf.org/html/draft-
hallambaker-muststaple-00 X.509v3 Extension: OCSP Stapling Required]
TLS developer Adam Langley discussed the extension in an April 2014 article following the repair of
the Heartbleed OpenSSL bug.A
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
OCSP stapling - Deployment
1 OCSP stapling has not seen broad deployment to date, however this is
changing. The OpenSSL project included support in their 0.9.8g
release with the assistance of a grant from the Mozilla Foundation.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
OCSP stapling - Deployment
1 Apache HTTP Server supports OCSP stapling since version
2.3.3,[https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslusestapling Apache HTTP Server
mod_ssl documentation - SSLUseStapling directive] the nginx web server since version
1.3.7,[http://mailman.nginx.org/pipermail/nginx-announce/2012/000095.html nginx-announce
mailing list - nginx-1.3.7] LiteSpeed Web Server since version
4.2.4,[http://www.litespeedtech.com/products/litespeed-web-server/release-log Release Log - Litespeed
Tech]
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
OCSP stapling - Deployment
1 On the browser side, OCSP stapling was implemented in Firefox
26[https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ OCSP Stapling in Firefox], retrieved 2013-07-
30mozillawiki:CA:ImprovingRevocation#OCSP_Stapling|Improving Revocation -
MozillaWiki, retrieved 2014-04-28 and in Internet Explorer since Windows Vista.
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
OCSP stapling - Limitations
1 However, OCSP stapling supports only one OCSP response at a time, which is
insufficient for sites which use several different certificates for a single page.
[https://bugzilla.mozilla.org/show_bug.cgi?id=360420#c10 Mozilla NSS Bug 360420],
Comment by Adam Langley[https://bugzilla.mozilla.org/show_bug.cgi?id=611836 Mozilla NSS Bug 611836 -
Implement multiple OCSP stapling extension]
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
For More Information, Visit:
• https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
The Art of Servicehttps://store.theartofservice.com