PKI Consortium blog

Posts by tag IETF

    An Introduction to OCSP Multi-Stapling
    May 7, 2013 by CA Security Council. Tags: CA/Browser Forum CRL IETF OCSP Revocation SSL/TLS Vulnerability
    OCSP Stapling. OCSP is a protocol used to check the validity of certificates to make sure they have not been revoked. OCSP is an alternative to Certificate Revocation Lists (CRLs). Since OCSP responses can be as small as a few hundred bytes, OCSP is particularly useful when the issuing CA has relatively big CRLs, as well as when the client has limited memory and processing power. OCSP can also provide much more timely information than CRLs about the status of a certificate since the information is generally fetched more frequently.

    IETF 86 – Web PKI Working Group
    March 21, 2013 by Bruce Morton (Entrust). Tags: CRL Google IETF OCSP PKI Policy Revocation SSL/TLS Web PKI
    At the IETF 86 meeting in Orlando last week, there was a working group meeting discussing the operations of the Web PKI. At the previous IETF 85 meeting a birds-of-a-feather was held to discuss the purpose of having such a group. The result of the meeting was an established group with the charter that states purposes such as: Working group will work to improve the consistency of Web security behavior; Address problems as seen by the end-users, certificate holders and CAs; Describe how the Web PKI actually works; Prepare documented deliverables as discussed below. The meeting discussed the charter and the four following deliverables.

    Certificate Revocation and OCSP Stapling
    February 14, 2013 by CA Security Council. Tags: Attack CASC CRL IETF OCSP Revocation SSL/TLS
    Revocation. As a body of global CAs, the CA Security Council is committed to educating server administrators, end-users and other interested parties about SSL enhancements and best practices that can better protect everyone. An important initiative that can make a practical difference right now is addressing easily implemented improvements to certificate status services that handle revocation of invalid or expired certificates, specifically the implementation of OCSP stapling. What is certificate revocation?
