@rlebeau OCSP is the replacement for CRL. The basic concept is that the user-agent looks in the certificate definition, finds an OCSP server address, and asks it if the certificate is still valid.
Now we have the problem that these OCSP servers don't have that great an uptime. Here comes OCSP Stapling to the rescue: It's basically a TLS extension in the HTTPS connection. The HTTPS web server checks its certificates for an OCSP server. If found, then it, the web server, asks the OCSP server every now and then for the validity of the certificate (signed with a timestamp from the CA), and passes it to the user-agent when a connection is established.
If everything works well, the user-agent finds that signed OCSP response and doesn't have to query and wait for a response from a hard-to-reach 3rd party.
Btw: It also improves user privacy - the 3rd party (CA/OCSP server) can no longer see which server is browsed.