From the man page, and yes.. it is safe to allow it to access the Internet.
NAME
ocspd -- OCSP and CRL Daemon
SYNOPSIS
ocspd
DESCRIPTION
ocspd performs caching and network fetching of Certificate Revocation Lists (CRLs) and Online Certificate Certificate
cate Status Protocol (OCSP) responses. It is used by Security.framework during certificate verification. verification.
tion. Security.framework communicates with ocspd via a private RPC interface. When Security.framework
determines that a CRL is needed, or that it needs to perform an OCSP transaction, it performs an RPC to
ocspd which then examines its cache to see if the appropriate CRL or OCSP response exists and is still
valid. If so, that entity is returned to Security.framework. If no entry is found in cache, ocspd
obtains it from the network, saving the result in cache before returning it to Security.framework.