OCSP over DNS
draft-pala-rea-ocsp-over-dns-00
| Section | Field | Value |
|---|---|---|
| Document | Type | Replaced Internet-Draft (individual); Expired & archived |
| | Authors | Massimiliano Pala, Scott A. Rea |
| | Last updated | 2013-01-26 (Latest revision 2012-07-25) |
| | Replaced by | draft-pala-odin |
| | RFC stream | Internet Engineering Task Force (IETF) |
| | Intended RFC status | (None) |
| Stream | WG state | (None) |
| | Document shepherd | (None) |
| IESG | IESG state | Replaced by draft-pala-odin |
| | Consensus boilerplate | Unknown |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active.
Abstract
One of the most strategic problems for Internet Certification Authorities (ICAs) is the provisioning of revocation information in an efficient way. Current approaches for the distribution of OCSP responses over HTTP do not provide efficient solutions for the high volume of traffic that Internet CAs face when providing services for highly utilized websites. This document describes a new transport protocol for OCSP responses to efficiently provide revocation information about digital certificates. In particular, this specification defines how to distribute OCSP responses over DNS and how to define OCSP-over-DNS URLs in certificates. The use of the DNS system to distribute such information is meant to lower the costs of providing revocation services and increase the availability of revocation information by using the distributed nature of the DNS infrastructure.
Authors
Massimiliano Pala
Scott A. Rea
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)