最佳答案
RFC6960 (取代 RFC2560)是 OCSP 协议(protocol)实现的通用标准。 RFC5019由 Microsoft 开发,以促进大型环境需要通过添加限制/约束来减少网络过载,同时保持其仍然可靠。 RFC5019 仍然基于 RFC2560/6960,只是有一些限制。引自 RFC5019:
As the use of PKI continues to grow and move into diverse environments, so does the need for a scalable and cost-effective certificate status mechanism. Although OCSP as currently defined and deployed meets the need of small to medium-sized PKIs that operate on powerful systems on wired networks, there is a limit as to how these OCSP deployments scale from both an efficiency and cost perspective. Mobile environments, where network bandwidth may be at a premium and client-side devices are constrained from a processing point of view, require the careful use of OCSP to minimize bandwidth usage and client-side processing complexity.
也就是说:RFC6960 更适合“高成本、低容量”环境,而 RFC5019(和 Microsoft 实现)仅支持“低成本、高容量”环境。
关于certificate - RFC2560 与 RFC5019,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44867850/