Presentation is loading. Please wait.

Presentation is loading. Please wait.

Online Certificate Status Protocol ‘OCSP’ Dave Hirose July 15 2004 Outline: What is OCSP? Digital Signatures Certificate Revocation List Technical aspects.

Published byLaureen Andrews Modified over 9 years ago

Similar presentations

Presentation on theme: "Online Certificate Status Protocol ‘OCSP’ Dave Hirose July 15 2004 Outline: What is OCSP? Digital Signatures Certificate Revocation List Technical aspects."— Presentation transcript:

1 Online Certificate Status Protocol ‘OCSP’ Dave Hirose July 15 2004 Outline: What is OCSP? Digital Signatures Certificate Revocation List Technical aspects of OCSP Types of OCSP Conclusions

2 OCSP & Digital Signatures OCSP is a protocol used to verify the status of digital signatures Digital Signatures

3 Certificate Status Certificate Revocation Lists & OCSP

4 Technical details of OCSP Request Protocol version Service request Target certificate identifier Optional extensions which may be processed by the OCSP Response Version Responder’s name Responses for each of the certificates in the request Possible Responses: Good Revoked Unknown

5 Types of OCSP Trusted Distributed

6 Conclusion Can be useful in certain situations. Suitable for highly sensitive or high valued information Weigh the risk of not using real time verification against the cost of using and implementing it Should consider checking the CRL directly for revoked certifications. OCSP is not infallible. Since the revocation lists are not locked. If real time verification of certificates is imperative and you have a high volume complicated system, you should consider using a vendor specializing in digital certificate validation

7 Online Certificate Status Protocol Questions?

Download ppt "Online Certificate Status Protocol ‘OCSP’ Dave Hirose July 15 2004 Outline: What is OCSP? Digital Signatures Certificate Revocation List Technical aspects."

Similar presentations

An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.

An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
A Framework for Distributed OCSP without Responders Certificate

A Framework for Distributed OCSP without Responders Certificate
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Lightweight OCSP Profile for High Volume Environments November 10, 2004 Ryan M. Hurst Alex Deacon.

Lightweight OCSP Profile for High Volume Environments November 10, 2004 Ryan M. Hurst Alex Deacon.
CS5204 – Operating Systems 1 Authentication. CS 5204 – Operating Systems2 Authentication Digital signature validation proves:  message was not altered.

CS5204 – Operating Systems 1 Authentication. CS 5204 – Operating Systems2 Authentication Digital signature validation proves:  message was not altered.
Certificate Revocation Serge Egelman. Introduction What is revocation? Why do we need it? What is currently being done?

Certificate Revocation Serge Egelman. Introduction What is revocation? Why do we need it? What is currently being done?
Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)
Certificates Last Updated: Aug 29, 2013. A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.

Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 eID validations services Houcine Bel Mamoune Unit manager eID Technical Drill down Session 7 April 2005.

1 eID validations services Houcine Bel Mamoune Unit manager eID Technical Drill down Session 7 April 2005.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
Slide 1 Many slides from Vitaly Shmatikov, UT Austin Public-Key Infrastructure CNS F2006.

Slide 1 Many slides from Vitaly Shmatikov, UT Austin Public-Key Infrastructure CNS F2006.
An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.

An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.
PKIs  To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI) A PKI automates most aspects of using.

PKIs  To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI) A PKI automates most aspects of using.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

Similar presentations

Ads by Google