60 likes | 98 Views
OCSP Requirements. GGF13. Refreshener. OCSP = Online Certificate Status Protocol (RFC2560) Removes(?) burden of CRL distribution and update Clients still have to do path validation! Lightweight request/response (HTTP). Changes since last time. Document “finish” applied
E N D
OCSP Requirements GGF13
Refreshener • OCSP = Online Certificate Status Protocol (RFC2560) • Removes(?) burden of CRL distribution and update • Clients still have to do path validation! • Lightweight request/response (HTTP)
Changes since last time • Document “finish” applied • Missing sections added • Complete reformat • Corrections based on (marginal) feedback • Last week • Additional comments from Spain
Updated architecture Periodic CRL download OCSP protocol CA Push, Delta CRLs site/organization boundary CA CA OCSPcache CRLcache OCSPclient AuthorizedResponder TrustedResponder CA OCSP client CA CA CA CA PMA TrustedResponder
Outstanding issues • Signed requests • Stronger differentiation on suspension vs revocation • Use of OCSP response extensions to convey additional (validation) information • More wording on Delta CRLs • Notion of a caution period (RFC3125)
Moving forward • Address the Spanish contributions • Move towards WG last call • Have document in public comment before GGF14