• OCSP
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Solar thermal - MicroCSP
MicroCSP references solar thermal
technologies in which concentrating
solar power (CSP) collectors are based
on the designs used in traditional
Concentrating Solar Power systems
found in the Mojave Desert but are
smaller in collector size, lighter and
operate at lower thermal
temperatures usually below 315 °C
(600 °F)
Solar thermal - MicroCSP
MicroCSP is used for community-sized
power plants (1MW to 50MW), for
industrial, agricultural and manufacturing
'process heat' applications, and when
large amounts of hot water are needed,
such as resort swimming pools, water
parks, large laundry facilities, sterilization,
distillation and other such uses.
OCSP stapling
'OCSP stapling', formally known as the
TLS 'Certificate Status Request' extension,
is an alternative approach to the Online
Certificate Status Protocol (OCSP) for
checking the revocation status of X.509
digital certificates. It allows the presenter
of a certificate to bear the resource cost
involved in providing OCSP responses,
instead of the issuing certificate authority
(CA).
OCSP stapling - Motivation
When the certificate is issued to a
legitimate high traffic web site, for
instance, this can result in enormous
volumes of OCSP request traffic, all of
which serves to indicate that the certificate
is valid and can be trusted.
OCSP stapling - Motivation
OCSP checking also creates a privacy
impairment, since it requires the client to
contact a third party (the CA) to confirm
certificate validity. A way to verify validity
without disclosing browsing behavior
would be desirable for some groups of
users.
OCSP stapling - Solution
Also, an invalid stapled response (or no
stapled response) will just cause the client
to ask the OCSP server directly.
OCSP stapling - Solution
As a result, clients continue to have
verifiable assurance from the certificate
authority that the certificate is presently
valid (or was quite recently), but no
longer need to individually contact the
OCSP server. This means that the brunt
of the resource burden is now placed
back on the certificate holder. It also
means that the client software no longer
needs to disclose users' browsing habits
to any third party.
OCSP stapling - Solution
Overall performance is also improved:
When the client fetches the OCSP
response directly from the CA, it usually
involves the lookup of the domain name of
the CA's OCSP server in the DNS as well
as establishing a connection to the OCSP
server. When OCSP stapling is used, the
certificate status information is delivered to
the client through the established channel,
which improves performance.
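
As an added example (not part of the original slides), the Python sketch below classifies the stapling section of `openssl s_client -status` output into the outcomes described above: a usable stapled response, or a missing or invalid one that sends the client back to the OCSP server. The sample output is constructed, the verdict names are hypothetical, treating a response outside its This Update / Next Update window as invalid is an assumption, and checking the CA's signature is left to the TLS library.

```python
import re
from datetime import datetime, timezone

# Constructed samples in the layout `openssl s_client -status` prints.
STAPLED = """\
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Produced At: Apr 28 10:00:00 2014 GMT
    Cert Status: good
    This Update: Apr 28 10:00:00 2014 GMT
    Next Update: May  5 10:00:00 2014 GMT
"""
NOT_STAPLED = "OCSP response: no response sent\n"


def _when(text, label):
    """Parse an OpenSSL-style 'Label: Mon DD HH:MM:SS YYYY GMT' timestamp."""
    m = re.search(rf"{label}:\s*(\w{{3}}\s+\d+ [\d:]+ \d{{4}}) GMT", text)
    if m is None:
        return None
    stamp = " ".join(m.group(1).split())  # collapse the padding in "May  5"
    return datetime.strptime(stamp, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)


def staple_verdict(output, now):
    """Classify the stapled status as a client would act on it at time `now`."""
    if "OCSP response: no response sent" in output:
        return "fallback-no-staple"   # client asks the OCSP server directly
    status = re.search(r"OCSP Response Status: (\w+)", output)
    cert = re.search(r"Cert Status: (\w+)", output)
    this_update = _when(output, "This Update")
    next_update = _when(output, "Next Update")
    if status is None or status.group(1) != "successful" or cert is None or this_update is None:
        return "fallback-invalid"     # malformed or unsuccessful response
    if cert.group(1) == "revoked":
        return "revoked"
    if cert.group(1) != "good":
        return "fallback-invalid"     # e.g. "unknown"
    if now < this_update or (next_update is not None and now > next_update):
        return "fallback-stale"       # outside the CA-signed validity window
    return "good"


if __name__ == "__main__":
    now = datetime(2014, 4, 30, tzinfo=timezone.utc)
    for name, sample in (("stapled", STAPLED), ("not stapled", NOT_STAPLED)):
        print(name, "->", staple_verdict(sample, now))
```
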
OCSP stapling - Specification
Hallam-Baker, X.509v3 Extension: OCSP Stapling Required
(https://tools.ietf.org/html/draft-hallambaker-muststaple-00).
TLS developer Adam Langley discussed the
extension in an April 2014 article following
the repair of the Heartbleed OpenSSL bug.
OCSP stapling - Deployment
OCSP stapling has not seen broad
deployment to date; however, this is
changing. The OpenSSL project
included support in their 0.9.8g
release with the assistance of a grant
from the Mozilla Foundation.
OCSP stapling - Deployment
Apache HTTP Server has supported OCSP stapling since version 2.3.3
(Apache HTTP Server mod_ssl documentation - SSLUseStapling directive,
https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslusestapling),
the nginx web server since version 1.3.7
(nginx-announce mailing list - nginx-1.3.7,
http://mailman.nginx.org/pipermail/nginx-announce/2012/000095.html),
and LiteSpeed Web Server since version 4.2.4
(Release Log - Litespeed Tech,
http://www.litespeedtech.com/products/litespeed-web-server/release-log).
OCSP stapling - Deployment
On the browser side, OCSP stapling
was implemented in Firefox 26
(OCSP Stapling in Firefox,
https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/,
retrieved 2013-07-30; Improving Revocation - MozillaWiki,
mozillawiki:CA:ImprovingRevocation#OCSP_Stapling,
retrieved 2014-04-28) and in Internet Explorer
since Windows Vista.
OCSP stapling - Limitations
However, OCSP stapling supports only
one OCSP response at a time, which is
insufficient for sites which use several
different certificates for a single page
(Mozilla NSS Bug 360420, comment by Adam Langley,
https://bugzilla.mozilla.org/show_bug.cgi?id=360420#c10;
Mozilla NSS Bug 611836 - Implement multiple OCSP stapling extension,
https://bugzilla.mozilla.org/show_bug.cgi?id=611836).
The Art of Service
https://store.theartofservice.com