An Online Responder is a trusted server that receives and responds to individual client requests for information about the status of a certificate.
The use of Online Responders is one of two common methods for conveying information about the validity of certificates. Unlike certificate revocation lists (CRLs), which are distributed periodically and contain information about all certificates that have been revoked or suspended, an Online Responder receives and responds only to individual requests from clients for information about the status of a certificate. The amount of data retrieved per request remains constant no matter how many revoked certificates there might be.
In many circumstances, Online Responders can process certificate status requests more efficiently than by using CRLs. For example:
-
Clients who connect to the network remotely and either do not need nor have the high-speed connections required to download large CRLs.
-
A network needs to handle large peaks in revocation checking activity, such as when large numbers of users log on or send signed e-mail simultaneously.
-
An organization needs an efficient means to distribute revocation data for certificates issued from a non-Microsoft certification authority (CA).
-
An organization wants to provide only the revocation checking data needed to verify individual certificate status requests, rather than make available information about all revoked or suspended certificates.