RFC 2560PKI OCSP.docx
《RFC 2560PKI OCSP.docx》由会员分享,可在线阅读,更多相关《RFC 2560PKI OCSP.docx(26页珍藏版)》请在冰豆网上搜索。
![RFC 2560PKI OCSP.docx](https://file1.bdocx.com/fileroot1/2023-1/14/ba965563-4e0f-4056-b507-97ec6082217d/ba965563-4e0f-4056-b507-97ec6082217d1.gif)
RFC2560PKIOCSP
NetworkWorkingGroupM.Myers
RequestforComments:
2560VeriSign
Category:
StandardsTrackR.Ankney
CertCo
A.Malpani
ValiCert
S.Galperin
MyCFO
C.Adams
EntrustTechnologies
June1999
X.509InternetPublicKeyInfrastructure
OnlineCertificateStatusProtocol-OCSP
StatusofthisMemo
ThisdocumentspecifiesanInternetstandardstrackprotocolforthe
Internetcommunity,andrequestsdiscussionandsuggestionsfor
improvements.Pleaserefertothecurrenteditionofthe"Internet
OfficialProtocolStandards"(STD1)forthestandardizationstate
andstatusofthisprotocol.Distributionofthismemoisunlimited.
CopyrightNotice
Copyright(C)TheInternetSociety(1999).AllRightsReserved.
1.Abstract
Thisdocumentspecifiesaprotocolusefulindeterminingthecurrent
statusofadigitalcertificatewithoutrequiringCRLs.Additional
mechanismsaddressingPKIXoperationalrequirementsarespecifiedin
separatedocuments.
Anoverviewoftheprotocolisprovidedinsection2.Functional
requirementsarespecifiedinsection4.Detailsoftheprotocolare
insection5.Wecoversecurityissueswiththeprotocolinsection
6.AppendixAdefinesOCSPoverHTTP,appendixBaccumulatesASN.1
syntacticelementsandappendixCspecifiesthemimetypesforthe
messages.
Thekeywords"MUST","MUSTNOT","REQUIRED","SHALL","SHALLNOT",
"SHOULD","SHOULDNOT","RECOMMENDED","MAY",and"OPTIONAL"inthis
document(inuppercase,asshown)aretobeinterpretedasdescribed
in[RFC2119].
Myers,etal.StandardsTrack[Page1]
RFC2560PKIXOCSPJune1999
2.ProtocolOverview
InlieuoforasasupplementtocheckingagainstaperiodicCRL,it
maybenecessarytoobtaintimelyinformationregardingthe
revocationstatusofacertificate(cf.[RFC2459],Section3.3).
Examplesincludehigh-valuefundstransferorlargestocktrades.
TheOnlineCertificateStatusProtocol(OCSP)enablesapplicationsto
determinethe(revocation)stateofanidentifiedcertificate.OCSP
maybeusedtosatisfysomeoftheoperationalrequirementsof
providingmoretimelyrevocationinformationthanispossiblewith
CRLsandmayalsobeusedtoobtainadditionalstatusinformation.An
OCSPclientissuesastatusrequesttoanOCSPresponderandsuspends
acceptanceofthecertificateinquestionuntiltheresponder
providesaresponse.
Thisprotocolspecifiesthedatathatneedstobeexchangedbetween
anapplicationcheckingthestatusofacertificateandtheserver
providingthatstatus.
2.1Request
AnOCSPrequestcontainsthefollowingdata:
--protocolversion
--servicerequest
--targetcertificateidentifier
--optionalextensionswhichMAYbeprocessedbytheOCSPResponder
Uponreceiptofarequest,anOCSPResponderdeterminesif:
1.themessageiswellformed
2.theresponderisconfiguredtoprovidetherequestedserviceand
3.therequestcontainstheinformationneededbytheresponderIf
anyoneofthepriorconditionsarenotmet,theOCSPresponder
producesanerrormessage;otherwise,itreturnsadefinitive
response.
2.2Response
OCSPresponsescanbeofvarioustypes.AnOCSPresponseconsistsof
aresponsetypeandthebytesoftheactualresponse.Thereisone
basictypeofOCSPresponsethatMUSTbesupportedbyallOCSP
serversandclients.Therestofthissectionpertainsonlytothis
basicresponsetype.
Myers,etal.StandardsTrack[Page2]
RFC2560PKIXOCSPJune1999
AlldefinitiveresponsemessagesSHALLbedigitallysigned.Thekey
usedtosigntheresponseMUSTbelongtooneofthefollowing:
--theCAwhoissuedthecertificateinquestion
--aTrustedResponderwhosepublickeyistrustedbytherequester
--aCADesignatedResponder(AuthorizedResponder)whoholdsa
speciallymarkedcertificateissueddirectlybytheCA,indicating
thattherespondermayissueOCSPresponsesforthatCA
Adefinitiveresponsemessageiscomposedof:
--versionoftheresponsesyntax
--nameoftheresponder
--responsesforeachofthecertificatesinarequest
--optionalextensions
--signaturealgorithmOID
--signaturecomputedacrosshashoftheresponse
Theresponseforeachofthecertificatesinarequestconsistsof
--targetcertificateidentifier
--certificatestatusvalue
--responsevalidityinterval
--optionalextensions
Thisspecificationdefinesthefollowingdefinitiveresponse
indicatorsforuseinthecertificatestatusvalue:
--good
--revoked
--unknown
The"good"stateindicatesapositiveresponsetothestatusinquiry.
Ataminimum,thispositiveresponseindicatesthatthecertificate
isnotrevoked,butdoesnotnecessarilymeanthatthecertificate
waseverissuedorthatthetimeatwhichtheresponsewasproduced
iswithinthecertificate'svalidityinterval.Responseextensions
maybeusedtoconveyadditionalinformationonassertionsmadeby
theresponderregardingthestatusofthecertificatesuchas
positivestatementaboutissuance,validity,etc.
The"revoked"stateindicatesthatthecertificatehasbeenrevoked
(eitherpermanantlyortemporarily(onhold)).
The"unknown"stateindicatesthattheresponderdoesn'tknowabout
thecertificatebeingrequested.
Myers,etal.StandardsTrack[Page3]
RFC2560PKIXOCSPJune1999
2.3ExceptionCases
Incaseoferrors,theOCSPRespondermayreturnanerrormessage.
Thesemessagesarenotsigned.Errorscanbeofthefollowingtypes:
--malformedRequest
--internalError
--tryLater
--sigRequired
--unauthorized
Aserverproducesthe"malformedRequest"responseiftherequest
receiveddoesnotconformtotheOCSPsyntax.
Theresponse"internalError"indicatesthattheOCSPresponder
reachedaninconsistentinternalstate.Thequeryshouldberetried,
potentiallywithanotherresponder.
IntheeventthattheOCSPresponderisoperational,butunableto
returnastatusfortherequestedcertificate,the"tryLater"
responsecanbeusedtoindicatethattheserviceexists,butis
temporarilyunabletorespond.
Theresponse"sigRequired"isreturnedincaseswheretheserver
requirestheclientsigntherequestinordertoconstructa
response.
Theresponse"unauthorized"isreturnedincaseswheretheclientis
notauthorizedtomakethisquerytothisserver.
2.4SemanticsofthisUpdate,nextUpdateandproducedAt
Responsescancontainthreetimesinthem-thisUpdate,nextUpdate
andproducedAt.Thesemanticsofthesefieldsare:
-thisUpdate:
Thetimeatwhichthestatusbeingindicatedisknown
tobecorrect
-nextUpdate:
Thetimeatorbeforewhichnewerinformationwillbe
availableaboutthestatusofthecertificate
-producedAt:
ThetimeatwhichtheOCSPrespondersignedthis
response.
IfnextUpdateisnotset,theresponderisindicatingthatnewer
revocationinformationisavailableallthetime.
Myers,etal.StandardsTrack[Page4]
RFC2560PKIXOCSPJune1999
2.5ResponsePre-production
OCSPrespondersMAYpre-producesignedresponsesspecifyingthe
statusofcertificatesataspecifiedtime.Thetimeatwhichthe
statuswasknowntobecorrectSHALLbereflectedinthethisUpdate
fieldoftheresponse.Thetimeatorbeforewhichnewerinformation
willbeavailableisreflectedinthenextUpdatefield,whilethe
timeatwhichtheresponsewasproducedwillappearintheproducedAt
fieldoftheresponse.
2.6OCSPSignatureAuthorityDelegation
Thekeythatsignsacertificate'sstatusinformationneednotbethe
samekeythatsignedthecertificate.Acertificate'sissuer
explicitlydelegatesOCSPsigningauthoritybyissuingacertificate
containingauniquevalueforextendedKeyUsageintheOCSPsigner's
certificate.ThiscertificateMUSTbeissueddirectlytothe
responderbythecognizantCA.
2.7CAKeyCompromise
IfanOCSPresponderknowsthataparticularCA'sprivatekeyhas
beencompromised,itMAYreturntherevokedstateforall
certificatesissuedbythatCA.
3.FunctionalRequirements
3.1CertificateContent
InordertoconveytoOCSPclientsawell-knownpointofinformation
access,CAsSHALLprovidethecapabilitytoincludethe
AuthorityInfoAccessextension(definedin[RFC2459],section4.2.2.1)
incertificatesthatcanbecheckedusingOCSP.Alternatively,the
accessLocationfortheOCSPprovidermaybeconfiguredlocallyatthe
OCSPclient.
CAsthatsupportanOCSPservice,eitherhostedlocallyorprovided
byanAuthorizedResponder,MUSTprovidefortheinclusionofavalue
forauniformResourceIndicator(URI)accessLocationandtheOIDvalue
id-ad-ocspfortheaccessMethodintheAccessDescriptionSEQUENCE.
ThevalueoftheaccessLocationfieldinthesubjectcertificate
definesthetransport(e.g.HTTP)usedtoaccesstheOCSPresponder
andmaycontainothertransportdependentinformation(e.g.aURL).
Myers,etal.StandardsTrack[Page5]
RFC2560PKIXOCSPJune1999
3.2SignedResponseAcceptanceRequirements
Priortoacceptingasignedresponseasvalid,OCSPclientsSHALL
confirmthat:
1.Thecertificateidentifiedinareceivedresponsecorrespondsto
thatwhichwasidentifiedinthecorrespondingrequest;
2.Thesignatureontheresponseisvalid;
3.Theidentityofthesignermatchestheintendedrecipientofthe
request.
4.Thesigneriscurrentlyauthorizedtosigntheresponse.
5.Thetimeatwhichthestatusbeingindicatedisknowntobe
correct(thisUpdate)issufficientlyrecent.
6.Whenavailable,thetimeatorbeforewhichnewerinformationwill
beavailableaboutthestatusofthecertificate(nextUpdate)is
greaterthanthecurrenttime.
4.DetailedProtocol
TheASN.1syntaximportstermsdefin