Skip to main content

OCSP LocationCheck certificate extension Update to OCSP < draft-pinkas-2560bis-ocsp-locationcheck-00.txt >
draft-pinkas-2560bis-ocsp-locationcheck-00

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Denis Pinkas
Last updated 2013-03-29 (Latest revision 2012-09-25)
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

RFC 2560 [RFC2560] allows CAs to designate one or more OCSP Responders for being responsible to provide the revocation status of the certificates they issue under a given CA key. This document introduces a new feature that allows allows CAs to split the workload between different sets of OCSP Responders in a way that is analogous to the way CRLs can be split between different sets of CRL issuers (using the cRLDistributionPoints extension). This new feature allows a CA to designate one or more OCSP Responders for being responsible to provide the revocation status for a subset of the certificates they issue under a given CA key. This document defines a critical extension that may only be placed in an OCSP certificate and the way it shall be processed by OCSP clients.

Authors

Denis Pinkas

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)