
Delegated Path Validation and Delegated Path Discovery Protocol Requirements (RFC3379)

IP.com Disclosure Number: IPCOM000009771D
Original Publication Date: 2002-Sep-01
Included in the Prior Art Database: 2002-Sep-18
Document File: 16 page(s) / 33K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Pinkas, R. Housley: AUTHORS

Abstract

This document specifies the requirements for Delegated Path Validation (DPV) and Delegated Path Discovery (DPD) for Public Key Certificates. It also specifies the requirements for DPV and DPD policy management.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 9% of the total text.

Network Working Group                                          D. Pinkas
Request for Comments: 3379                                          Bull
Category: Informational                                       R. Housley
                                                        RSA Laboratories
                                                          September 2002

        Delegated Path Validation and Delegated Path Discovery
                         Protocol Requirements

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This document specifies the requirements for Delegated Path
   Validation (DPV) and Delegated Path Discovery (DPD) for Public Key
   Certificates.  It also specifies the requirements for DPV and DPD
   policy management.

1. Introduction

   This document specifies the requirements for Delegated Path
   Validation (DPV) and Delegated Path Discovery (DPD) for Public Key
   Certificates, using two main request/response pairs.

   Delegated processing provides two primary services: DPV and DPD.
   Some clients require a server to perform certification path
   validation and have no need for data acquisition, while other
   clients require only path discovery in support of local path
   validation.

   The DPV request/response pair can be used to fully delegate path
   validation processing to a DPV server, according to a set of rules
   called a validation policy.

   The DPD request/response pair can be used to obtain from a DPD server
   all the information needed (e.g., the end-entity certificate, the CA
   certificates, full CRLs, delta-CRLs, OCSP responses) to locally
   validate a certificate.  The DPD server uses a set of rules, called a
   path discovery policy, to determine which information to return.

Pinkas & Housley             Informational                      [Page 1]

RFC 3379           DPV and DPD Protocol Requirements      September 2002

   A third request/response pair allows clients to obtain references for
   the policies supported by a DPV or DPD server.
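   The following Go program is an added illustration of the two
   delegation styles described above; it is not part of RFC 3379 and
   not code from any DPV/DPD implementation.  A DPD-style response
   carries the end-entity certificate, the intermediate CA certificates
   and the trust anchor, and the client runs path validation itself at a
   validation time T; a DPV-style response carries only the server's
   verdict.  The in-memory PKI (names, serial numbers, validity window),
   the "client-auth" local policy, and the omission of revocation data
   (CRLs, delta-CRLs, OCSP responses) are constructed assumptions made
   for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// DPDResponse: what a DPD server returns so the client can validate locally (no CRL/OCSP data in this toy).
type DPDResponse struct {
	EndEntity   *x509.Certificate
	CACerts     []*x509.Certificate // intermediate CA certificates on the path
	TrustAnchor *x509.Certificate   // root named by the client's validation policy
}

var notBefore = time.Date(2002, time.September, 1, 0, 0, 0, 0, time.UTC) // constructed validity window
var notAfter = notBefore.AddDate(1, 0, 0)

// check aborts fixture construction on error; a toy has no recovery path.
func check(err error) {
	if err != nil {
		panic(err)
	}
}
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return k
}

// issue signs tmpl for pub with parentKey; parent == tmpl yields a self-signed certificate.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, pub *ecdsa.PublicKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	check(err)
	c, err := x509.ParseCertificate(der)
	check(err)
	return c
}

func caTemplate(serial int64, cn string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: notBefore, NotAfter: notAfter, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
}

// BuildToyPKI creates root -> intermediate -> end-entity in memory, standing in for repository lookups.
func BuildToyPKI() DPDResponse {
	rootKey, interKey, leafKey := newKey(), newKey(), newKey()
	rootTmpl := caTemplate(1, "Toy Root CA")
	root := issue(rootTmpl, rootTmpl, rootKey, &rootKey.PublicKey)
	inter := issue(caTemplate(2, "Toy Intermediate CA"), root, rootKey, &interKey.PublicKey)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3), Subject: pkix.Name{CommonName: "Toy End Entity"},
		NotBefore: notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	leaf := issue(leafTmpl, inter, interKey, &leafKey.PublicKey)
	return DPDResponse{EndEntity: leaf, CACerts: []*x509.Certificate{inter}, TrustAnchor: root}
}

// ValidateLocally is the step DPD leaves to the client: build and verify the path to the
// trust anchor at validation time `at`, under a minimal local policy (client-auth usage).
func ValidateLocally(resp DPDResponse, at time.Time) ([][]*x509.Certificate, error) {
	if resp.EndEntity == nil || resp.TrustAnchor == nil {
		return nil, errors.New("DPD response incomplete: no end-entity certificate or trust anchor")
	}
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(resp.TrustAnchor)
	for _, c := range resp.CACerts {
		inters.AddCert(c)
	}
	return resp.EndEntity.Verify(x509.VerifyOptions{
		Roots: roots, Intermediates: inters, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
}

// DPVValidate is the same computation on the server's side; a DPV client sees only this verdict.
func DPVValidate(material DPDResponse, at time.Time) (valid bool, reason string) {
	if _, err := ValidateLocally(material, at); err != nil {
		return false, err.Error()
	}
	return true, "path validated to " + material.TrustAnchor.Subject.CommonName
}

func main() {
	resp := BuildToyPKI()
	T := notBefore.AddDate(0, 1, 0) // validation time inside the window
	fmt.Println(DPVValidate(resp, T))
	fmt.Println(DPVValidate(resp, notBefore.AddDate(0, -1, 0))) // T before NotBefore: invalid
	resp.CACerts = nil                                           // response without the intermediate
	_, err := ValidateLocally(resp, T)
	fmt.Println("DPD, missing intermediate:", err)
}
```

   Running it shows the three outcomes a practitioner cares about:
   validation succeeds at a T inside the validity window, fails at a T
   before NotBefore, and fails when the DPD response omits the
   intermediate CA certificate, because the client can no longer build a
   path to its trust anchor.  The DPV branch makes the trust difference
   visible: the client receives a verdict it cannot check, so it has to
   rely on the server and on the validation policy the server applied,
   which is why the RFC ties each DPV response to a named policy.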

1.1. Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document (in uppercase, as shown) are to be interpreted as described
   in [RFC2119].

2. Rationale and Benefits for DPV (Delegated Path Validation)

   DPV allows a server to perform a real time certificate validation for
   a validation time T, w...