
Delegated Path Validation and Delegated Path Discovery Protocol Requirements (RFC3379)

IP.com Disclosure Number: IPCOM000009771D
Original Publication Date: 2002-Sep-01
Included in the Prior Art Database: 2002-Sep-18
Document File: 16 page(s) / 33K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Pinkas: AUTHOR [+2]

Abstract

This document specifies the requirements for Delegated Path Validation (DPV) and Delegated Path Discovery (DPD) for Public Key Certificates. It also specifies the requirements for DPV and DPD policy management.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 9% of the total text.

Network Working Group                                          D. Pinkas
Request for Comments: 3379                                          Bull
Category: Informational                                       R. Housley
                                                        RSA Laboratories
                                                          September 2002

         Delegated Path Validation and Delegated Path Discovery
                         Protocol Requirements

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2002). All Rights Reserved.

Abstract

This document specifies the requirements for Delegated Path Validation (DPV) and Delegated Path Discovery (DPD) for Public Key Certificates. It also specifies the requirements for DPV and DPD policy management.

1. Introduction

This document specifies the requirements for Delegated Path Validation (DPV) and Delegated Path Discovery (DPD) for Public Key Certificates, using two main request/response pairs.

Delegated processing provides two primary services: DPV and DPD. Some clients require a server to perform certification path validation and have no need for data acquisition, while some other clients require only path discovery in support of local path validation.

The DPV request/response pair can be used to fully delegate path validation processing to a DPV server, according to a set of rules, called a validation policy.

The DPD request/response pair can be used to obtain from a DPD server all the information needed (e.g., the end-entity certificate, the CA certificates, full CRLs, delta-CRLs, OCSP responses) to locally validate a certificate. The DPD server uses a set of rules, called a path discovery policy, to determine which information to return.

A third request/response pair allows clients to obtain references for the policies supported by a DPV or DPD server.

1.1. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document (in uppercase, as shown) are to be interpreted as described in [RFC2119].

2. Rationale and Benefits for DPV (Delegated Path Validation)

DPV allows a server to perform a real time certificate validation for a validation time T, w...