Apparently there's a process names oscsp that takes a lot of bandwidth. I'm not sure what it's for; but I came across an article that showed how to turn it off in Keychain Access Preferences.
I'm not sure if this raises any problems. Any suggestions?
Best Answer
OCSP (and its performing daemon ocspd) as well as CRL are two different but similar methods to check the revocation status of public certificates and are part of the PKI (public key infrastructure).
The revocation status (beyond other statuses) determines the validity of a certificate.
The revocation status of a certificate may be good, unknown or revoked. The status will be changed from good to revoked if the publishing CA (certificate authority) or the certificate itself was compromised (e.g. the CA was hacked or the private key of a certificate was stolen or was published by accident).
Using a revoked certificate (without knowing that it was invalidated) on the client side may compromise its security.
You are strongly advised to enable OCSP and CRL and prioritize OCSP.
Addendum:
I supervised the needed bandwidth of ocspd with Little Snitch.
By searching for ocspd in the network monitor, marking the process and hitting the info button (highlighted in red) I get the total traffic.
After an uptime of ~5 hours I get 3.97 kB outgoing and 23 kB incoming traffic.
You may download and install Little Snitch and hunt down the culprit yourself. Besides the whole traffic of the process you can get the traffic to and from a single host also by choosing one them. Little Snitch runs in demo mode for three hours, and it can be restarted as often as you like. The Network Monitor expires after 30 days.