X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP (RFC2560)

IP.com Disclosure Number: IPCOM000003147D
Original Publication Date: 1999-Jun-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 18 page(s) / 40K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

M. Myers: AUTHOR [+5]

Abstract

This document specifies a protocol useful in determining the current status of a digital certificate without requiring CRLs. Additional mechanisms addressing PKIX operational requirements are specified in separate documents.

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 7% of the total text.

Network Working Group                                          M. Myers
Request for Comments: 2560                                     VeriSign
Category: Standards Track                                     R. Ankney
                                                                 CertCo
                                                             A. Malpani
                                                               ValiCert
                                                            S. Galperin
                                                                 My CFO
                                                               C. Adams
                                                   Entrust Technologies
                                                              June 1999

                X.509 Internet Public Key Infrastructure
                Online Certificate Status Protocol - OCSP

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

1. Abstract

This document specifies a protocol useful in determining the current
status of a digital certificate without requiring CRLs. Additional
mechanisms addressing PKIX operational requirements are specified in
separate documents.

An overview of the protocol is provided in section 2. Functional
requirements are specified in section 4. Details of the protocol are
in section 5. We cover security issues with the protocol in section
6. Appendix A defines OCSP over HTTP, appendix B accumulates ASN.1
syntactic elements and appendix C specifies the mime types for the
messages.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document (in uppercase, as shown) are to be interpreted as described
in [RFC2119].

2. Protocol Overview

In lieu of or as a supplement to checking against a periodic CRL, it
may be necessary to obtain timely information regarding the
revocation status of a certificate (cf. [RFC2459], Section 3.3).
Examples include high-value funds transfer or large stock trades.

The Online Certificate Status Protocol (OCSP) enables applications to
determine the (revocation) state of an identified certificate. OCSP
may be used to satisfy some of the operational requirements of
providing more timely revocation information than is possible with
CRLs and may also be used to obtain additional status information. An
OCSP client issues a status request to an OCSP responder and suspends
acceptance of the certificate in question until the responder
provides a response.

This protocol sp...