The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 2560 and is on the Internet standards track. It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI). Messages communicated via OCSP are encoded in ASN.1 and are usually communicated over HTTP. The "request/response" nature of these messages leads to OCSP servers being termed OCSP responders. The Internet Protocol (IP) is a data-oriented protocol used for communicating data across a packet-switched internetwork. ... In cryptography, X.509 is an ITU-T standard for public key infrastructure (PKI). ... In cryptography, a public key certificate (or identity certificate) is a certificate which uses a digital signature to bind together a public key with an identity — information such as a the name of a person or an organisation, their address, and so forth. ... Internet standards are defined by the Internet Engineering Task Force (IETF). ... In the operation of some cryptosystems, usually public key infrastructures (PKIs), a certificate revocation list (CRL) is a list of certificates (more accurately: their serial numbers) which have been revoked, are no longer valid, and should not be relied upon by any system user. ... In cryptography, a public key infrastructure (PKI) is an arrangement that provides for trusted third party vetting of, and vouching for, user identities. ... In telecommunications and computer networking abstract syntax notation one (ASN.1) is a standard, flexible method that describes data structures for representing, encoding, transmitting, and decoding data. ... HTTP (for HyperText Transfer Protocol) is the primary method used to convey information on the World Wide Web. ... In information technology, a server is a computer system that provides services to other computing systems—called clients—over a network. ...

Advantages over CRLs

When deploying a PKI, certificate validation using OCSP may be preferred over the use of CRLs for several reasons:

• OCSP can provide more timely information regarding the revocation status of a certificate.
• OCSP removes the need for clients to retrieve the (sometimes very large) CRLs themselves, leading to less network traffic and better bandwidth management.
• Using OCSP, clients do not need to parse CRLs themselves, saving client-side complexity.
• An OCSP responder may implement billing mechanisms to pass the cost of validation transactions to the seller, rather than buyer.
• CRLs may be seen as analogous to a credit card company's "bad customer list" -- an unnecessarily public exposure.
• To a degree, OCSP supports trusted chaining of OCSP requests between responders. This allows clients to communicate with a trusted responder to query an alternate responder, saving client-side complexity.

In computing, a client is a system that accesses a (remote) service on another computer by some kind of network. ... In grammar and linguistics, parsing is the process by which a person makes sense of a sentence, usually by breaking it down into words or phrases. ... Credit cards A credit card system is a type of retail transaction settlement and credit system, named after the small plastic card issued to users of the system. ...

Basic PKI implementation

1. Alice and Bob have public key certificates issued by Ivan, the Certificate Authority (CA).
2. Alice wishes to perform a transaction with Bob and sends him her public key certificate.
3. Bob, concerned that Alice's private key may have been compromised, creates an 'OCSP request' that contains a fingerprint of Alice's public key and sends it to Ivan.
4. Ivan's OCSP responder looks up the revocation status of Alice's certificate (using the fingerprint Bob created) in his own CA database. If Alice's private key had been compromised, this is the only trusted location at which the fact would be recorded.
5. Ivan's OCSP responder confirms that Alice's certificate is still OK, and returns a signed, successful 'OCSP response' to Bob.
6. Bob cryptographically verifies the signed response (He has Ivan's public key on-hand -- Ivan is a trusted responder) and ensures that it was produced recently.
7. Bob completes the transaction with Alice.

The names Alice and Bob are commonly used placeholders for archetypal characters in fields such as cryptography and physics. ... In cryptography, a public key certificate (or identity certificate) is a certificate which uses a digital signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth. ... In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. ... In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. ... Digital signature is a term with confusing reference. ...

Protocol details

An OCSP responder may return a signed response signifying that the certificate specified in the request is 'good', 'revoked' or 'unknown'. If it cannot process the request, it may return an error code.

The OCSP request format supports additional extensions. This enables extensive customization to a particular PKI scheme.

OCSP can be resistant to replay attacks, where a signed, 'good' response is captured by a malicious intermediary and replayed to the client at a later date after the subject certificate may have been revoked. OCSP overcomes this by allowing a nonce to be included in the request that must be included in the corresponding response. A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. ... In security engineering, a nonce is a number used once. ...

However, the replay attack, while a possibility, is not a major threat to validation systems. This is due to the steps it takes to actually exploit this weakness. The attacker would have to be in a position to

1. capture the traffic and subsequently replay that traffic,
2. capture the status of a certificate whose status is about to change and
3. conduct a transaction requiring the status of that certificate within the time frame of the validity of the response.

Since it is not often that a revoked certificate is unrevoked (only if it is suspended is it even possible) a person would have to capture a good response and wait until the certificate was revoked then replay it.

OCSP can support more than one level of CA. OCSP requests may be chained between peer responders to query the issuing CA appropriate for the subject certificate, with responders validating each other's responses against the root CA using their own OCSP requests.

An OCSP responder may be queried for revocation information by delegated path validation (DPV) servers. OCSP does not, by itself, perform any DPV of supplied certificates. Delegated Path Validation (DPV) is a method for offloading to a trusted server the work involved in validating a public key certificate. ...

Vendor implementations

Vendor implementations of the OCSP protocol include:

• Ascertia's TrustFinderOCSP www.ascertia.com
• Red Hat's Red Hat Certificate Management System
• Baltimore Technologies' KeyTools
• Bloombase Technologies' Spitfire KeyCastle
• Computer Associates' eTrust OCSPro
• CoreStreet's Validation Authority
• GemPlus GemSAFE eSigner
• Kyberpass TrustPlatform
• Mozilla's Network Security Services
• Netegrity SiteMinder (See Computer Associates)
• The OpenSSL toolkit.
• RSA Security's Keon Certificate Authority
• Sun Microsystems' Sun ONE Identity Server
• Tumbleweed Communications' Valicert Validation Authority
• VeriSign's OCSP Responder Service
• Safelayer KeyOne VA
• The OpenCA OCSP Responder
• strongSwan's OCSP Client for IPsec

Red Hat, Inc. ... Baltimore Technologies is an internet security firm founded in the late 1990s by Fran Rooney. ... Bloombase Technologies develops and markets a complete basket of enterprise information security solutions to address these security issues. ... CA, Inc. ... Mozilla is a computer term which has had many different uses, though all of them have been related to the now-defunct Netscape Communications Corporation and its related application software. ... CA, Inc. ... OpenSSL is an open source implementation of the SSL and TLS protocols. ... RSA, The Security Division of EMC Corporation (NYSE: EMC), is headquartered in Bedford, Massachusetts, and maintains offices in Ireland, the United Kingdom, Singapore, and Japan. ... Sun Microsystems, Inc. ... VeriSign, Inc. ... strongSwan is a complete IPsec implementation for Linux 2. ...

External links

• OpenValidation has a detailed market overview, interoperability information and other development resources related to on-line validation, the site is just outdated (no linkcheck) and apparently commercially driven.
• Enterprise Trust Integration and Web Services Security standars