Presentation is loading. Please wait.

Presentation is loading. Please wait.

OCSP Requirements GGF13.

Published byΔιδώ Αποστολίδης Modified over 5 years ago

Similar presentations

Presentation on theme: "OCSP Requirements GGF13."— Presentation transcript:

1 OCSP Requirements GGF13

2 Refreshener OCSP = Online Certificate Status Protocol (RFC2560)
Removes(?) burden of CRL distribution and update Clients still have to do path validation! Lightweight request/response (HTTP)

3 Changes since last time
Document “finish” applied Missing sections added Complete reformat Corrections based on (marginal) feedback Last week Additional comments from Spain

4 Updated architecture CA CA OCSP cache CRL cache CA OCSP client
Periodic CRL download OCSP protocol CA Push, Delta CRLs site/organization boundary CA OCSP cache CRL cache CA OCSP client Authorized Responder Trusted Responder CA OCSP client CA CA CA CA PMA Trusted Responder

5 Outstanding issues Signed requests
Stronger differentiation on suspension vs revocation Use of OCSP response extensions to convey additional (validation) information More wording on Delta CRLs Notion of a caution period (RFC3125)

6 Moving forward Address the Spanish contributions
Move towards WG last call Have document in public comment before GGF14

Download ppt "OCSP Requirements GGF13."

Similar presentations

A Framework for Distributed OCSP without Responders Certificate

A Framework for Distributed OCSP without Responders Certificate
Lightweight OCSP Profile for High Volume Environments November 10, 2004 Ryan M. Hurst Alex Deacon.

Lightweight OCSP Profile for High Volume Environments November 10, 2004 Ryan M. Hurst Alex Deacon.
Certificate Revocation Serge Egelman. Introduction What is revocation? Why do we need it? What is currently being done?

Certificate Revocation Serge Egelman. Introduction What is revocation? Why do we need it? What is currently being done?
RPKI Certificate Policy Stephen Kent, Derrick Kong, Ronald Watro, Karen Seo July 21, 2010.

RPKI Certificate Policy Stephen Kent, Derrick Kong, Ronald Watro, Karen Seo July 21, 2010.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
1 eID validations services Houcine Bel Mamoune Unit manager eID Technical Drill down Session 7 April 2005.

1 eID validations services Houcine Bel Mamoune Unit manager eID Technical Drill down Session 7 April 2005.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.

Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.
Slide 1 Many slides from Vitaly Shmatikov, UT Austin Public-Key Infrastructure CNS F2006.

Slide 1 Many slides from Vitaly Shmatikov, UT Austin Public-Key Infrastructure CNS F2006.
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”
UNCLASS DoD Public Key Infrastructure LCDR Tom Winnenberg DISA API1 Chief Engineer 25 April 2002.

UNCLASS DoD Public Key Infrastructure LCDR Tom Winnenberg DISA API1 Chief Engineer 25 April 2002.
Certificate Path Building draft-ietf-pkix-certpathbuild-01.txt Peter Hesse Matt Cooper Yuriy Dzambasow Susan Joseph Richard Nicholas.

Certificate Path Building draft-ietf-pkix-certpathbuild-01.txt Peter Hesse Matt Cooper Yuriy Dzambasow Susan Joseph Richard Nicholas.
Online AAI José A. Montenegro GISUM Group Security Information Section University of Malaga Malaga (Spain) Web:

Online AAI José A. Montenegro GISUM Group Security Information Section University of Malaga Malaga (Spain) Web:
Status Update for Algorithm Transition for the RPKI (draft-ietf-sidr-algorithm-agility) Steve Kent Roque Gagliano Sean Turner.

Status Update for Algorithm Transition for the RPKI (draft-ietf-sidr-algorithm-agility) Steve Kent Roque Gagliano Sean Turner.
Josh Benaloh Brian LaMacchia Winter 2011. Side-Channel Attacks Breaking a cryptosystem is a frontal attack, but there may be easier access though a side.

Josh Benaloh Brian LaMacchia Winter Side-Channel Attacks Breaking a cryptosystem is a frontal attack, but there may be easier access though a side.
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.
Active Directory ® Certificate Services Infrastructure Planning and Design Published: June 2010 Updated: November 2011.

Active Directory ® Certificate Services Infrastructure Planning and Design Published: June 2010 Updated: November 2011.
Assuring e-Trust always www.certiver.com 1 Status of the Validation and Authentication service for TACAR and Grids.

Assuring e-Trust always 1 Status of the Validation and Authentication service for TACAR and Grids.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.

Similar presentations

Ads by Google