Server-Based Certificate Validation Protocol (SCVP)
RFC 5055
| Field | Value |
|---|---|
| Type | RFC - Proposed Standard (December 2007; No errata); was draft-ietf-pkix-scvp (pkix WG) |
| Authors | Tim Polk, Dave Cooper, Russ Housley, Ambarish Malpani, Trevor Freeman |
| Last updated | 2015-10-14 |
| Stream | IETF |
| Formats | plain text, html, pdf, htmlized, bibtex |
| Reviews | |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 5055 (Proposed Standard) |
| Consensus Boilerplate | Unknown |
| Telechat date | |
| Responsible AD | Sam Hartman |
| Send notices to | (None) |
Network Working Group                                         T. Freeman
Request for Comments: 5055                                Microsoft Corp
Category: Standards Track                                     R. Housley
                                                          Vigil Security
                                                              A. Malpani
                                            Malpani Consulting Services
                                                               D. Cooper
                                                                 W. Polk
                                                                    NIST
                                                           December 2007

Server-Based Certificate Validation Protocol (SCVP)

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Abstract

The Server-Based Certificate Validation Protocol (SCVP) allows a client to delegate certification path construction and certification path validation to a server. The path construction or validation (e.g., making sure that none of the certificates in the path are revoked) is performed according to a validation policy, which contains one or more trust anchors. It allows simplification of client implementations and use of a set of predefined validation policies.

Table of Contents

   1. Introduction ....................................................4
      1.1. Terminology ................................................4
      1.2. SCVP Overview ..............................................5
      1.3. SCVP Requirements ..........................................5
      1.4. Validation Policies ........................................6
      1.5. Validation Algorithm .......................................7
      1.6. Validation Requirements ....................................8
   2. Protocol Overview ...............................................9
   3. Validation Request ..............................................9
      3.1. cvRequestVersion ..........................................12
      3.2. query .....................................................12
           3.2.1. queriedCerts .......................................13
           3.2.2. checks .............................................15

Freeman, et al.               Standards Track                   [Page 1]

RFC 5055                          SCVP                     December 2007

           3.2.3. wantBack ...........................................16
           3.2.4. validationPolicy ...................................19
                  3.2.4.1. validationPolRef ..........................20
                           3.2.4.1.1. Default Validation Policy ......21
                  3.2.4.2. validationAlg .............................22
                           3.2.4.2.1. Basic Validation Algorithm .....22
                           3.2.4.2.2. Basic Validation Algorithm Errors ...............23
                           3.2.4.2.3. Name Validation Algorithm ......24
                           3.2.4.2.4. Name Validation Algorithm Errors ...............25
                  3.2.4.3. userPolicySet .............................26
                  3.2.4.4. inhibitPolicyMapping ......................26
                  3.2.4.5. requireExplicitPolicy .....................27
                  3.2.4.6. inhibitAnyPolicy ..........................27
                  3.2.4.7. trustAnchors ..............................27
                  3.2.4.8. keyUsages .................................28
                  3.2.4.9. extendedKeyUsages .........................28
                  3.2.4.10. specifiedKeyUsages .......................29
           3.2.5. responseFlags ......................................30
                  3.2.5.1. fullRequestInResponse .....................30
                  3.2.5.2. responseValidationPolByRef ................30
                  3.2.5.3. protectResponse ...........................31
                  3.2.5.4. cachedResponse ............................31
           3.2.6. serverContextInfo ..................................32
           3.2.7. validationTime .....................................32
           3.2.8. intermediateCerts ..................................33
           3.2.9. revInfos ...........................................34
           3.2.10. producedAt ........................................35
           3.2.11. queryExtensions ...................................35
                  3.2.11.1. extnID ...................................35