
OCSP Requirements


Presentation Transcript


  1. OCSP Requirements GGF13

  2. Refresher
     • OCSP = Online Certificate Status Protocol (RFC 2560)
     • Removes(?) burden of CRL distribution and update
     • Clients still have to do path validation!
     • Lightweight request/response (HTTP)

  3. Changes since last time
     • Document “finish” applied
     • Missing sections added
     • Complete reformat
     • Corrections based on (marginal) feedback
     • Last week
     • Additional comments from Spain

  4. Updated architecture
     [Architecture diagram. Labels: periodic CRL download; OCSP protocol; CA push, delta CRLs; site/organization boundary; CA; PMA; OCSP cache; CRL cache; OCSP client; Authorized Responder; Trusted Responder]

  5. Outstanding issues
     • Signed requests
     • Stronger differentiation on suspension vs revocation
     • Use of OCSP response extensions to convey additional (validation) information
     • More wording on Delta CRLs
     • Notion of a caution period (RFC 3125)

  6. Moving forward
     • Address the Spanish contributions
     • Move towards WG last call
     • Have document in public comment before GGF14
