Server-Based Certificate Validation Protocol (SCVP)

Freeman, Trevor; Malpani, A.; Cooper, David A.; Housley, Russell

doi:10.17487/rfc5055

Cited by 67 publications

(48 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This PKI does not make provision for use of the Online Certificate Status Protocol (OCSP) [RFC2560] or Server-Based Certificate Validation Protocol (SCVP) [RFC5055]. This is because it is anticipated that the primary RPs (ISPs) will acquire and validate certificates for all participating resource holders.…”

Section: Certificate Status Servicesmentioning

confidence: 99%

Certificate Policy (CP) for the Resource Public Key Infrastructure (RPKI)

Kent¹,

Kong²,

Seo³

et al. 2012

View full text Add to dashboard Cite

This document describes the certificate policy for a Public Key Infrastructure (PKI) used to support attestations about Internet Number Resource (INR) holdings. Each organization that distributes IP addresses or Autonomous System (AS) numbers to an organization will, in parallel, issue a (public key) certificate reflecting this distribution. These certificates will enable verification that the resources indicated in the certificate have been distributed to the holder of the associated private key and that this organization is the current, unique holder of these resources.

show abstract

Section: Certificate Status Servicesmentioning

confidence: 99%

Certificate Policy (CP) for the Resource Public Key Infrastructure (RPKI)

Kent¹,

Kong²,

Seo³

et al. 2012

View full text Add to dashboard Cite

show abstract

“…The discussions are summarized as RFC 3379 [16]. OCSP [11] and SCVP [9] are also classified as protocols partly delegating validation. Our framework is also classified as delegation.…”

Section: Related Workmentioning

confidence: 99%

Design of Graded Trusts by Using Dynamic Path Validation

Kubo¹,

Satō²

2010

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract. In modern information service architectures, security is one of the most critical criteria. Almost every standard on information security is concerned with internal control of an organization, and particularly with authentication. If an RP (relying party) has valuable information assets, and requires a high level to authentication for accepting access to the valuable assets, then a strong mechanism is required. Here, we focus on a trust model of certificate authentication. Conventionally, a trust model of certificates is defined as a validation of chains of certificates. However, today, this trust model does not function well because of complexity of paths and of requirement of security levels. In this paper, we propose "dynamic path validation," together with another trust model of PKI for controlling this situation. First, we propose Policy Authority. Policy Authority assigns a level of compliance (LoC) to CAs in its domain. LoC is evaluated in terms of a common criteria of Policy Authority. Moreover, it controls the path building with considerations of LoC. Therefore, we can flexibly evaluate levels of CP/CPS's in one server. In a typical bridge model, we need as many bridge CAs as the number of required levels of CP/CPS's. In our framework, instead, we can do the same task in a single server, by which we can save the cost of maintaining lists of trust anchors of multiple levels.

show abstract

“…While OCSP is limited to checking only a certificate's revocation status, a more general-purpose protocol has recently been standardized by the IETF: the Server-based Certificate Validation Protocol (SCVP) [12]. The protocol allows relying parties to delegate certification path construction and validation to a third party.…”

Section: Certificate Revocation Status Checkingmentioning

confidence: 99%

A search engine for the global PKI

Rabinovich¹

2010

J Internet Serv Appl

View full text Add to dashboard Cite

Today the public key technology enjoys wide acceptance and use. Countless network protocols and applications use it to guarantee strong authentication and privacy. Usability and maintainability of this technology remains problematic, however. It is still very cumbersome and timeconsuming to set up an enterprise Public Key Infrastructure (PKI) that has relationships with external parties. The emergence of PKI bridges, while solving one set of problems, created a new one: management of distributed trust became much more difficult. Complexity of the global PKI mesh and its decentralized nature created a need for a service with a unified view of the global PKI. In this paper we propose a PKI search engine that can provide such a service. The engine supports facilities for certificate and certificate revocation list (CRL) discovery, testing and troubleshooting of extra-enterprise PKIs, certificate revocation status lookup, certification path construction and validation, all based on the Internet-mined and user-registered information.

show abstract

Server-Based Certificate Validation Protocol (SCVP)

Cited by 67 publications

References 1 publication

Certificate Policy (CP) for the Resource Public Key Infrastructure (RPKI)

Certificate Policy (CP) for the Resource Public Key Infrastructure (RPKI)

Design of Graded Trusts by Using Dynamic Path Validation

A search engine for the global PKI

Contact Info

Product

Resources

About