Online Certificate Status Protocol Algorithm Agility

Santesson, Stefan; Hallam-Baker, Phillip

doi:10.17487/rfc6277

Cited by 8 publications

(10 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Additional mechanisms addressing PKIX operational requirements are specified in separate documents. This specification obsoletes [RFC2560] and [RFC6277]. The primary reason for the publication of this document is to address ambiguities that have been found since the publication of RFC 2560.…”

Section: Introductionmentioning

confidence: 99%

“…o Section 4.3 changes the set of cryptographic algorithms that clients must support and the set of cryptographic algorithms that clients should support as specified in [RFC6277].…”

Section: Introductionmentioning

confidence: 99%

“…o Section 4.4.7 specifies a new extension that may be included in a request message to specify signature algorithms the client would prefer the server use to sign the response as specified in [RFC6277].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP

Myers¹,

Ankney²,

Malpani³

et al. 2013

Self Cite

353

121

View full text Add to dashboard Cite

show abstract

Section: Introductionmentioning

confidence: 99%

“…o Section 4.3 changes the set of cryptographic algorithms that clients must support and the set of cryptographic algorithms that clients should support as specified in [RFC6277].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP

Myers¹,

Ankney²,

Malpani³

et al. 2013

Self Cite

353

121

View full text Add to dashboard Cite

show abstract

“…If there are no more communication media than the own VANET, no trusted-third parties (like the corresponding CA) can be assumed to be permanently available. Thus, online certificate status protocol (OCSP) [28] or, in general, any online solution is not suitable for this context. Several CRLs distribution protocols have been proposed for this purpose.…”

Section: Introductionmentioning

confidence: 99%

BECSI: Bandwidth Efficient Certificate Status Information Distribution Mechanism for VANETs

Gañán

Muñoz

Esparza

et al. 2013

Mobile Information Systems

View full text Add to dashboard Cite

Abstract. Certificate revocation is a challenging task, especially in mobile network environments such as vehicular ad Hoc networks (VANETs). According to the IEEE 1609.2 security standard for VANETs, public key infrastructure (PKI) will provide this functionality by means of certificate revocation lists (CRLs). When a certificate authority (CA) needs to revoke a certificate, it globally distributes CRLs. Transmitting these lists pose a problem as they require high update frequencies and a lot of bandwidth. In this article, we propose BECSI, a Bandwidth Efficient Certificate Status Information mechanism to efficiently distribute certificate status information (CSI) in VANETs. By means of Merkle hash trees (MHT), BECSI allows to retrieve authenticated CSI not only from the infrastructure but also from vehicles acting as mobile repositories. Since these MHTs are significantly smaller than the CRLs, BECSI reduces the load on the CSI repositories and improves the response time for the vehicles. Additionally, BECSI improves the freshness of the CSI by combining the use of delta-CRLs with MHTs. Thus, vehicles that have cached the most current CRL can download delta-CRLs to have a complete list of revoked certificates. Once a vehicle has the whole list of revoked certificates, it can act as mobile repository.

show abstract

“…In the process of dealing with the Online Certificate Status Protocol (OCSP) agility issues in [RFC6277], it was noted that we really wanted to describe information to be used in selecting a public key, but we did not have any way of doing so. This document fills that hole by defining a set of Secure/Multipurpose Internet Mail Extensions (S/MIME) Capability types for a small set of public key representations.…”

Section: Introductionmentioning

confidence: 99%

S/MIME Capabilities for Public Key Definitions

Schaad¹

2012

View full text Add to dashboard Cite

show abstract

Online Certificate Status Protocol Algorithm Agility

Cited by 8 publications

References 0 publications

X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP

X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP

BECSI: Bandwidth Efficient Certificate Status Information Distribution Mechanism for VANETs

S/MIME Capabilities for Public Key Definitions

Contact Info

Product

Resources

About