Online Certificate Status Protocol ‘OCSP’ Dave Hirose July 15 2004 Outline: What is OCSP?...
Online Certificate Status Protocol ‘OCSP’
Dave Hirose
July 15 2004
Outline:
What is OCSP?
Digital Signatures
Certificate Revocation List
Technical aspects of OCSP
Types of OCSP
Conclusions
OCSP & Digital Signatures
OCSP is a protocol used to verify the status of digital signatures
Digital Signatures
Certificate Status
Certificate Revocation Lists & OCSP
Technical details of OCSP
Request:
Protocol version
Service request
Target certificate identifier
Optional extensions which may be processed by the OCSP
Response:
Version
Responder’s name
Responses for each of the certificates in the request
Possible Responses:
Good
Revoked
Unknown
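Added example (not part of the original slides): a simplified in-memory model of the request and response fields listed above, showing a client that accepts a certificate only when the response for that exact identifier is Good. It assumes the target certificate identifier has the RFC 6960 CertID layout; all names and sample values are hypothetical, and DER encoding and response signatures are left out.

```python
# Added example: in-memory model of an OCSP exchange (no ASN.1/DER, no signatures).
import hashlib
from collections import namedtuple

# Target certificate identifier, laid out like the RFC 6960 CertID: hashes of the
# issuer's name and public key, plus the certificate's serial number.
CertID = namedtuple("CertID", "hash_alg issuer_name_hash issuer_key_hash serial")
SingleResponse = namedtuple("SingleResponse", "cert_id status")

def cert_id(issuer_name: bytes, issuer_key: bytes, serial: int) -> CertID:
    return CertID("sha1", hashlib.sha1(issuer_name).hexdigest(),
                  hashlib.sha1(issuer_key).hexdigest(), serial)

def build_request(cert_ids, extensions=None):
    # Request fields from the slide: version, target identifiers, optional extensions.
    return {"version": "v1", "cert_ids": list(cert_ids), "extensions": extensions or {}}

def respond(request, responder_name, issued, revoked):
    # Responder side: one response per certificate in the request.
    # Assumption of this model: the responder knows which certificates it issued.
    responses = []
    for cid in request["cert_ids"]:
        if cid in revoked:
            status = "revoked"
        elif cid in issued:
            status = "good"
        else:
            status = "unknown"  # responder has no knowledge of this certificate
        responses.append(SingleResponse(cid, status))
    return {"version": "v1", "responder_name": responder_name, "responses": responses}

def evaluate(request, response):
    # Client side: accept a certificate only if the response covers exactly that
    # CertID and says "good"; unknown or missing answers are rejected (fail closed).
    by_id = {r.cert_id: r.status for r in response["responses"]}
    return {cid: by_id.get(cid, "missing") == "good" for cid in request["cert_ids"]}

# Constructed sample data (not real certificates).
ISSUER_NAME, ISSUER_KEY = b"CN=Example Test CA", b"constructed-public-key-bytes"
GOOD = cert_id(ISSUER_NAME, ISSUER_KEY, 0x1001)
REVOKED = cert_id(ISSUER_NAME, ISSUER_KEY, 0x1002)
FOREIGN = cert_id(b"CN=Some Other CA", b"other-key", 0x1001)  # same serial, other issuer

def demo():
    req = build_request([GOOD, REVOKED, FOREIGN])
    resp = respond(req, "CN=Example OCSP Responder", issued={GOOD, REVOKED}, revoked={REVOKED})
    return [r.status for r in resp["responses"]], evaluate(req, resp)

if __name__ == "__main__":
    print(demo())
```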
Types of OCSP
Trusted
Distributed
Conclusion
Can be useful in certain situations.
Suitable for highly sensitive or high valued information
Weigh the risk of not using real time verification against the cost of using and implementing it
Should consider checking the CRL directly for revoked certifications. OCSP is not infallible, since the revocation lists are not locked.
If real time verification of certificates is imperative and you have a high volume complicated system, you should consider using a vendor specializing in digital certificate validation
Online Certificate Status Protocol
Questions?