Online Certificate Status Protocol


Online Certificate Status Protocol

The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 2560 and is on the Internet standards track. It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI). Messages communicated via OCSP are encoded in ASN.1 and are usually communicated over HTTP. The "request/response" nature of these messages leads to OCSP servers being termed OCSP responders.

Contents

Comparison to CRLs

  • Since an OCSP response contains less information than a typical CRL (certificate revocation list), OCSP can feasibly provide more timely information regarding the revocation status of a certificate without burdening the network. However, the greater number of requests and connection overhead may overwhelm this benefit if the client does not cache responses.
  • Using OCSP, clients do not need to parse CRLs themselves, saving client-side complexity. However, this is balanced by the practical need to maintain a cache. In practice, such considerations are of little consequence, since most applications rely on third-party libraries for all X.509 functions.
  • CRLs may be seen as analogous to a credit card company's "bad customer list" – an unnecessary public exposure.
  • OCSP discloses to the responder that a particular network host used a particular certificate at a particular time. OCSP does not mandate encryption, so this information also may be intercepted by other parties.

Basic PKI implementation

  1. Alice and Bob have public key certificates issued by Ivan, the Certificate Authority (CA).
  2. Alice wishes to perform a transaction with Bob and sends him her public key certificate.
  3. Bob, concerned that Alice's private key may have been compromised, creates an 'OCSP request' that contains Alice's certificate serial number and sends it to Ivan.
  4. Ivan's OCSP responder reads the certificate serial number from Bob's request. The OCSP responder uses the certificate serial number to look up the revocation status of Alice's certificate. The OCSP responder looks in a CA database that Ivan maintains. In this scenario, Ivan's CA database is the only trusted location where a compromise to Alice's certificate would be recorded.
  5. Ivan's OCSP responder confirms that Alice's certificate is still OK, and returns a signed, successful 'OCSP response' to Bob.
  6. Bob cryptographically verifies Ivan's signed response. Bob has stored Ivan's public key sometime before this transaction. Bob uses Ivan's public key to verify Ivan's response.
  7. Bob completes the transaction with Alice.

Protocol details

An OCSP responder may return a signed response signifying that the certificate specified in the request is 'good', 'revoked' or 'unknown'. If it cannot process the request, it may return an error code.

The OCSP request format supports additional extensions. This enables extensive customization to a particular PKI scheme.

OCSP can be vulnerable to replay attacks, where a signed, 'good' response is captured by a malicious intermediary and replayed to the client at a later date after the subject certificate may have been revoked. OCSP overcomes this by allowing a nonce to be included in the request that must be included in the corresponding response. However, since most OCSP responders and clients do not support or use the nonce extension and Certificate Authorities (CAs) issue responses with a validity period of multiple days, the replay attack is a major threat to validation systems.

OCSP can support more than one level of CA. OCSP requests may be chained between peer responders to query the issuing CA appropriate for the subject certificate, with responders validating each other's responses against the root CA using their own OCSP requests.

An OCSP responder may be queried for revocation information by delegated path validation (DPV) servers. OCSP does not, by itself, perform any DPV of supplied certificates.

The key that signs a response need not be the same key that signed the certificate. The certificate's issuer may delegate another authority to be the OCSP responder. In this case, the responder's certificate (the one that is used to sign the response) must be issued by the issuer of the certificate in question, and must include a certain extension that marks it as an OCSP signing authority (more precisely, an extended key usage extension with the OID {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) keyPurpose(3) ocspSigning(9)})

Browser support

See also

References

External links


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Online Certificate Status Protocol — (OCSP ou en français protocole de vérification en ligne de certificat) est un protocole Internet utilisé pour valider un certificat numérique X.509. OCSP est standardisé par l IETF dans la RFC 2560. Ce protocole est une alternative réglant… …   Wikipédia en Français

  • Online Certificate Status Protocol — (OCSP) es un método para determinar el estado de revocación de un certificado digital X.509 usando otros medios que no sean el uso de CRL (Listas de Revocación de Certificados). Este protocolo se describe en el RFC 2560 y está en el registro de… …   Wikipedia Español

  • Online Certificate Status Protocol — (OCSP) es un método para determinar el estado de revocación de un certificado digital X.509 usando otros medios que no sean el uso de CRLs (Listas de Revocación de Certificados). Este protocolo se describe en el RFC 2560 y está en el registro de… …   Enciclopedia Universal

  • Online Certificate Status Protocol — Das Online Certificate Status Protocol (OCSP) ist ein Internet Protokoll, das es Clients ermöglicht, den Status von X.509 Zertifikaten bei einem Validierungsdienst abzufragen. Benötigt wird dies bei der Prüfung digitaler Signaturen, bei der… …   Deutsch Wikipedia

  • Online certificate status protocol — Protocole de vérification en ligne de certificat Le protocole de vérification en ligne de certificat OCSP (Online Certificate Status Protocol) est un protocole Internet utilisé pour valider un certificat numérique X.509. C est un standard… …   Wikipédia en Français

  • online certificate status protocol — liudijimų galiojimo patikros protokolas statusas T sritis informatika apibrėžtis Taisyklių rinkinys liudijimo galiojimui patikrinti prisijungus prie tinklo. Kiekvieną kartą prireikus liudijimo, ↑liudijimų tvarkytuvė patikrina, ar tas liudijimas… …   Enciklopedinis kompiuterijos žodynas

  • Simple Certificate Validation Protocol — Das Server based Certificate Validation Protocol (SCVP) ist ein Internet Protokoll, das es Clients ermöglicht, den Aufbau einer X.509 Zertifikatskette und deren Validierung auszulagern. Dies wird vor allem bei Clients, die mit dem Kettenaufbau… …   Deutsch Wikipedia

  • Standard Certificate Validation Protocol — Das Server based Certificate Validation Protocol (SCVP) ist ein Internet Protokoll, das es Clients ermöglicht, den Aufbau einer X.509 Zertifikatskette und deren Validierung auszulagern. Dies wird vor allem bei Clients, die mit dem Kettenaufbau… …   Deutsch Wikipedia

  • Certificate revocation list — In the operation of some cryptosystems, usually public key infrastructures (PKIs), a certificate revocation list (CRL) is a list of certificates (or more specifically, a list of serial numbers for certificates) that have been revoked or are no… …   Wikipedia

  • Certificate Revocation List — Eine Zertifikatsperrliste (engl. Certificate Revocation List – CRL) ist eine Liste, die die Ungültigkeit von Zertifikaten beschreibt. Sie ermöglicht es, festzustellen, ob ein Zertifikat gesperrt oder widerrufen wurde und warum. Zertifikate werden …   Deutsch Wikipedia