OCSP response
... OCSP [RFC2560] offers a useful alternative. The size of an OCSP
response is bounded and small and therefore suitable for in-band
IKEv2 ...
... responds with a CERT payload containing the appropriate OCSP
response. This content is recognizable via the same "OCSP Content"
identifier ...
... the definition and behavior specified in Section 3.1.
OCSP response:
An OCSP response ...
... hashes in the CERTREQ message is not
needed since the OCSP response is signed by the CA who issued the
certificate ...
... CA who issued the
certificate. In case of (c), the OCSP response is signed by the CA
Designated Responder ...
... OCSP Response ...
... payload carrying a certificate can be achieved by matching the
OCSP response CertID field to the certificate. See [RFC2560] for the
...
... CERTREQ sender SHALL incorporate the
OCSP response into path validation logic defined by [RFC3280].
...
... acquire the related OCSP-based assertion and produce and transmit an
OCSP response CERT payload corresponding to the certificate ...
... IKEv2 exchange.
The means by which an OCSP response may be acquired for production of
an OCSP response CERT ...
... The means by which an OCSP response may be acquired for production of
an OCSP response CERT payload is out of scope of this document.
...
... payload carrying its certificate
and an OCSP response CERT payload covering that certificate ...
... Responder returns its certificate and a
separate OCSP response CERT payload covering that certificate ...
... OCSP Requests are simply index values into these data.
Thus, it is easily inferred that OCSP responses can be produced in
the absence of a corresponding request (provided that OCSP nonces ...
... 3.1, is used in place of an OCSP request syntax to trigger production
and transmission of an OCSP response. OCSP, as defined in [RFC2560],
...
... replay attack and the costs associated with its successful
execution." Nodes SHOULD make the required freshness of an OCSP
response configurable.
...
