Solution to the validation problem
As with the distribution problem, processing incoming signed data requires verifying the validity of an X.509 certificate at a certain point in time. This is very difficult for the user. At the moment, the following two alternatives are available:
- Certificate revocation lists (CRLs)
- Online validation with the help of the Online Certificate Status Protocol (OCSP)
The use of CRLs and OCSP enables the verification of the authenticity of transferred data. It can thus be reconstructed whether these data were valid at that point in time or not.
The advantage of certificate revocation lists is that they can be provided offline, whereas the use of OCSP provides a real-time verification of a certificate's validity (valid, revoked, expired).
At present the EBCA works with CRLs. An OCSP responder could be added as soon as the EBCA desires it.
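
The point-in-time check described above, as an added Python example that is not EBCA code. The `Cert` and `Crl` classes, `utc` and `status_at` are hypothetical names, and the dates and serial numbers are constructed. It assumes the CRL's signature has already been verified against the issuing CA and that a signature made before the revocation date still counts as valid, which is a policy decision.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


@dataclass
class Cert:                      # hypothetical model, not a parsed X.509 object
    serial: int
    not_before: datetime
    not_after: datetime


@dataclass
class Crl:                       # assumed already signature-checked (see lead-in)
    this_update: datetime
    next_update: datetime
    revoked: dict                # serial -> revocation date


def status_at(cert, crl, when):
    """Status of `cert` at time `when` (for example the signing time)."""
    if when < cert.not_before:
        return "not_yet_valid"
    if when > cert.not_after:
        return "expired"
    revoked_on = crl.revoked.get(cert.serial)
    # Assumption: only a revocation dated at or before `when` invalidates the data.
    if revoked_on is not None and revoked_on <= when:
        return "revoked"
    if when > crl.next_update:
        # The CRL is older than the moment in question and cannot vouch for it.
        return "unknown"
    return "valid"


# Constructed sample data.
CERT = Cert(0x1A2B, utc(2023, 1, 1), utc(2025, 1, 1))
CRL = Crl(utc(2024, 6, 1), utc(2024, 6, 8), {0x1A2B: utc(2024, 3, 15)})

if __name__ == "__main__":
    for label, when in [("before revocation", utc(2024, 3, 1)),
                        ("after revocation", utc(2024, 4, 1)),
                        ("after expiry", utc(2025, 2, 1))]:
        print(label, "->", status_at(CERT, CRL, when))
```

The "unknown" result is the offline trade-off of CRLs: a list whose next update has passed says nothing about the later moment, so a fresher CRL has to be fetched before deciding.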