Question

Your organization has implemented a public key infrastructure (PKI). You need to ensure that each user's browser automatically checks the status of the user's certificate. What should you implement?

A) OCSP
B) CRL
C) MIME
D) PGP

Answer 1

To automatically check the revocation status of user certificates in a PKI, implement the Online Certificate Status Protocol (OCSP).

Step-by-step explanation:

To ensure that each user's browser automatically checks the status of the user's certificate within a Public Key Infrastructure (PKI), the protocol that should be implemented is the Online Certificate Status Protocol (OCSP). OCSP allows browsers to perform a real-time check to determine the revocation status of a digital certificate. This is a more efficient method compared to the traditional Certificate Revocation List (CRL), which requires downloading a list of revoked certificates. MIME is related to email message formats and PGP is a data encryption and decryption technique, so they are not relevant in the context of checking the revocation status of certificates.