Lightweight OCSP Profile for High Volume Environments


This document, written by Ryan M. Hurst and Alex Deacon on November 10, 2004, outlines a lightweight OCSP (Online Certificate Status Protocol) profile aimed


Presentation Transcript

Slide 1: Lightweight OCSP Profile for High Volume Environments
November 10, 2004
Ryan M. Hurst, Alex Deacon

Slide 2: Goals
• Profile how clients and servers use OCSP in its "Response Pre-production" mode.
• Profile a minimal implementation for ease of client implementation.
  – Important in constrained environments (reduced bandwidth).
• Support cross-WG initiatives to decentralize response distribution.
  – Important step to support revocation checking in high volume environments like TLS in e-commerce.
• Use of OCSP in disconnected (catch-22) scenarios (e.g. need to authenticate to a server to get an IP address).

Slide 3: Supports peer WG initiatives
• IP Security Protocol (ipsec)
  – OCSP Extensions to IKEv2
• Transport Layer Security (tls)
  – TLS Extensions (RFC 3546), section 3.6 "Certificate Status Request"
  – EAP-TLS
• Kerberos WG (krb-wg)
  – OCSP Support for PKINIT

Slide 4: Where are we?
• VeriSign has a public implementation of the current draft available.
• CoreStreet: current client and server support the profile.
• Tumbleweed: current client and server support the profile.
• Microsoft: current Longhorn beta (client) supports the profile.

Slide 5: Open Issues
• nextPublish vs. max-age and ETag
  – The latter appears to be the more accepted route.
  – Remember these are hints, not policies…
• Response validity nesting; clarification of text.
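The slide leaves the nextPublish vs. max-age/ETag question open and stresses that HTTP caching values are hints rather than policy. The following is an added example, not code from the slides or from any of the implementations named on the page: it shows how a responder serving pre-produced responses could derive its HTTP caching headers from the response's own thisUpdate/nextUpdate window, and how a relying party should bound any max-age it receives by nextUpdate rather than trusting the hint. The header recipe (max-age as seconds until nextUpdate, ETag as the hex SHA-1 of the DER response, a five-minute skew allowance) is an assumption about how the profile might resolve the issue, and the sample response bytes and timestamps are constructed.

```python
"""Caching hints for pre-produced OCSP responses (added example).

Assumptions (not settled by the slides): max-age counts the seconds that
remain until nextUpdate, ETag is the hex SHA-1 of the DER response, and a
relying party tolerates five minutes of clock skew.
"""
import hashlib
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime
from typing import Dict, Optional


def responder_cache_headers(response_der: bytes, this_update: datetime,
                            next_update: datetime, now: datetime) -> Dict[str, str]:
    """Build HTTP caching headers for a pre-produced OCSP response (responder side)."""
    for ts in (this_update, next_update, now):
        if ts.tzinfo is None:
            raise ValueError("use timezone-aware UTC datetimes")
    if next_update <= this_update:
        raise ValueError("nextUpdate must be later than thisUpdate")
    # Remaining lifetime of the response in seconds; never negative.
    remaining = max(0, int((next_update - now).total_seconds()))
    # ETag over the exact bytes served (assumed convention: hex SHA-1 of the DER).
    etag = '"' + hashlib.sha1(response_der).hexdigest() + '"'
    return {
        "Date": format_datetime(now, usegmt=True),
        "Last-Modified": format_datetime(this_update, usegmt=True),  # thisUpdate
        "Expires": format_datetime(next_update, usegmt=True),        # nextUpdate
        "ETag": etag,
        "Cache-Control": f"max-age={remaining}, public, no-transform, must-revalidate",
    }


def parse_max_age(cache_control: str) -> Optional[int]:
    """Extract the max-age directive from a Cache-Control header, if present."""
    for directive in cache_control.split(","):
        name, _, value = directive.strip().partition("=")
        if name.lower() == "max-age" and value.strip().isdigit():
            return int(value)
    return None


def response_is_current(this_update: datetime, next_update: datetime, now: datetime,
                        max_skew: timedelta = timedelta(minutes=5)) -> bool:
    """Relying-party freshness check with a bounded clock-skew allowance."""
    return (this_update - max_skew) <= now <= (next_update + max_skew)


def effective_cache_seconds(cache_control: str, next_update: datetime, now: datetime) -> int:
    """How long a client may reuse a cached response.

    max-age is only a hint (it may come from an intermediate cache), so it is
    clamped to the response's own nextUpdate: the OCSP validity window wins.
    """
    until_next_update = max(0, int((next_update - now).total_seconds()))
    max_age = parse_max_age(cache_control)
    if max_age is None:
        return until_next_update
    return min(max_age, until_next_update)


def demo() -> Dict[str, object]:
    """Constructed sample: a one-week response inspected two days into its life."""
    this_update = datetime(2004, 11, 10, tzinfo=timezone.utc)
    next_update = this_update + timedelta(days=7)
    now = this_update + timedelta(days=2)
    der = b"\x30\x03\x0a\x01\x00"  # constructed stand-in for a DER OCSPResponse
    headers = responder_cache_headers(der, this_update, next_update, now)
    return {
        "headers": headers,
        "max_age": parse_max_age(headers["Cache-Control"]),
        "current": response_is_current(this_update, next_update, now),
        "expired": response_is_current(this_update, next_update,
                                       next_update + timedelta(hours=1)),
        # A cache advertising a longer max-age than the response allows is clamped.
        "clamped": effective_cache_seconds("max-age=864000, public", next_update, now),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running the module prints the derived headers and the client-side decisions; the point to take from it is the last one, where an over-long max-age is cut back to the 432000 seconds that remain before nextUpdate.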

Slide 6: Questions?

Slide 7: Facts
• Internet Explorer, Firefox, Opera, Safari, etc. do not enable revocation checking by default.
• Commercial certificate authority CRLs are quite large (800k+ in some important cases).
• Use of OCSP in traditional "real time" mode would result in many requests per page and many requests per corporation.
• The majority of public internet consumers are on dial-up (~56k), especially internationally.

Slide 8: Misconceptions
• Pre-production is about optimizing out RSA signs.
  – No, it is about:
    • Bringing revocation data closer to the relying party.
    • Reducing the number of potential failure points in e-commerce transactions with revocation checking enabled.
    • Enabling catch-22 revocation scenarios.
    • Deploying cost-effective OCSP solutions in suitable environments (inexpensive geographic distribution).
