module(1) authenticationFramework(7) 3 }
-- PKIX Certificate Extensions
AuthorityInfoAccessSyntax
FROM PKIX1Implicit88 {iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7)
id-mod(0) id-pkix1-implicit-88(2)}
Name, GeneralName, CertificateSerialNumber, Extensions,
id-kp, id-ad-ocsp
FROM PKIX1Explicit88 {iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7)
id-mod(0) id-pkix1-explicit-88(1)};
-- Top-level OCSP request: the to-be-signed body plus an optional
-- signature over it. Because optionalSignature is OPTIONAL, a request
-- may arrive unsigned; a responder that insists on signed requests
-- answers with sigRequired (see OCSPResponseStatus).
OCSPRequest ::= SEQUENCE {
tbsRequest TBSRequest,
optionalSignature [0] EXPLICIT Signature OPTIONAL }
-- The part of the request that optionalSignature is computed over.
-- requestList may hold several Request entries, one per certificate.
-- requestExtensions is where the nonce (id-pkix-ocsp-nonce) is carried
-- when the client wants the response bound to this particular request.
TBSRequest ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
requestorName [1] EXPLICIT GeneralName OPTIONAL,
requestList SEQUENCE OF Request,
requestExtensions [2] EXPLICIT Extensions OPTIONAL }
-- Requestor's signature over tbsRequest. certs optionally carries
-- certificates that help the responder verify that signature.
Signature ::= SEQUENCE {
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-- Protocol version; v1 (value 0) is the only value defined here.
Version ::= INTEGER { v1(0) }
-- One entry of requestList: names a single certificate by CertID, with
-- optional extensions that apply to this entry only.
Request ::= SEQUENCE {
reqCert CertID,
singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
-- Identifies the certificate whose status is requested. The issuer is
-- named by two hashes, both computed with hashAlgorithm, and the
-- certificate by its serial number. The key hash is carried in addition
-- to the name hash because two CAs may use the same name.
-- A client should check that the CertID in each SingleResponse matches
-- the CertID it asked about before acting on the status.
CertID ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of Issuer's DN
issuerKeyHash OCTET STRING, -- Hash of Issuers public key
serialNumber CertificateSerialNumber }
-- Top-level OCSP response. responseBytes is OPTIONAL: per the body of
-- this RFC it is not set when responseStatus is one of the error values,
-- and such error responses are not signed.
OCSPResponse ::= SEQUENCE {
responseStatus OCSPResponseStatus,
responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
-- Outcome of processing the request as a whole; this is not the status
-- of any certificate. Only successful (0) is accompanied by a signed
-- response. The other values are unauthenticated error indications, so
-- a relying party should not read any of them as evidence that a
-- certificate is good.
OCSPResponseStatus ::= ENUMERATED {
successful (0), --Response has valid confirmations
malformedRequest (1), --Illegal confirmation request
internalError (2), --Internal error in issuer
tryLater (3), --Try again later
--(4) is not used
sigRequired (5), --Must sign the request
unauthorized (6) --Request unauthorized
}
-- Wrapper that names the response type by OID. For id-pkix-ocsp-basic
-- the response OCTET STRING holds the DER encoding of BasicOCSPResponse.
-- A client should reject a responseType it does not implement.
ResponseBytes ::= SEQUENCE {
responseType OBJECT IDENTIFIER,
response OCTET STRING }
-- The basic response type: ResponseData plus the responder's signature
-- over it. certs may carry certificates that help the client verify the
-- signature; they are only hints. The client still has to establish that
-- the signer is authorised for the certificate in question: the issuing
-- CA itself, a locally trusted responder, or a certificate issued
-- directly by that CA which asserts id-kp-OCSPSigning.
BasicOCSPResponse ::= SEQUENCE {
tbsResponseData ResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-- Signed body of a basic response. producedAt is the time at which the
-- responder signed this response. responseExtensions carries the nonce
-- returned by the responder when the nonce extension is in use; a client
-- that sent a nonce should compare it with the value returned here.
ResponseData ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
responderID ResponderID,
producedAt GeneralizedTime,
responses SEQUENCE OF SingleResponse,
responseExtensions [1] EXPLICIT Extensions OPTIONAL }
-- Identifies the responder that produced the response, either by its
-- Name or by a KeyHash of its public key.
ResponderID ::= CHOICE {
byName [1] Name,
byKey [2] KeyHash }
-- Note: the hash algorithm is fixed to SHA-1 by this definition; unlike
-- CertID, there is no accompanying algorithm field.
KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
--(excluding the tag and length fields)
-- Status of one certificate. thisUpdate is the time at which the
-- indicated status is known to be correct; nextUpdate, when present, is
-- the time at or before which newer information will be available.
-- Per the body of this RFC, a response whose nextUpdate is earlier than
-- the local system time, or whose thisUpdate is later than it, should be
-- considered unreliable.
SingleResponse ::= SEQUENCE {
certID CertID,
certStatus CertStatus,
thisUpdate GeneralizedTime,
nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
singleExtensions [1] EXPLICIT Extensions OPTIONAL }
-- Per-certificate status. good means at minimum that the certificate is
-- not revoked; per the body of this RFC it does not by itself show that
-- the certificate was ever issued or that the response was produced
-- within the certificate's validity interval, so path validation is
-- still required. unknown means the responder does not know about the
-- certificate and must not be treated as good.
CertStatus ::= CHOICE {
good [0] IMPLICIT NULL,
revoked [1] IMPLICIT RevokedInfo,
unknown [2] IMPLICIT UnknownInfo }
-- Carried with the revoked status: the time of revocation and,
-- optionally, the CRLReason for it.
RevokedInfo ::= SEQUENCE {
revocationTime GeneralizedTime,
revocationReason [0] EXPLICIT CRLReason OPTIONAL }
-- Placeholder carried with the unknown status; it conveys no detail.
UnknownInfo ::= NULL -- this can be replaced with an enumeration
-- Value of the archive cutoff extension (id-pkix-ocsp-archive-cutoff).
ArchiveCutoff ::= GeneralizedTime
-- Value of the acceptable response types extension
-- (id-pkix-ocsp-response): the response type OIDs the client understands.
AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
-- Value of the service locator extension (id-pkix-ocsp-service-locator):
-- the issuer Name together with authority information access data.
ServiceLocator ::= SEQUENCE {
issuer Name,
locator AuthorityInfoAccessSyntax }
-- Object Identifiers
-- Extended key usage value. A certificate that asserts it, issued
-- directly by the CA concerned, designates its holder to sign OCSP
-- responses on that CA's behalf.
id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
-- Base arc for the OCSP identifiers below.
id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }
-- responseType value for BasicOCSPResponse.
id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
-- Nonce extension: binds a response to its request to prevent replay.
id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
-- CRL references extension.
id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
-- Acceptable response types extension; its value is AcceptableResponses.
id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
-- Extension placed in a responder certificate: tells clients they may
-- trust the responder for the lifetime of that certificate without
-- checking its revocation status. The body of this RFC notes that
-- compromise of such a responder key is as serious as compromise of a
-- CRL signing key for that period, and suggests short lifetimes.
id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
-- Archive cutoff extension; its value is ArchiveCutoff.
id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
-- Service locator extension; its value is ServiceLocator.
id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
END
附錄C MIME注冊
C.1 application/ocsp-request(應用/OCSP-請求)
To(寄往): ietf-types@iana.org
Subject(主題): Registration of MIME media type application/ocsp-request
MIME media type name: application
MIME媒介類型名稱:應用
MIME subtype name: ocsp-request
MIME副類型名稱:OCSP-請求
Required parameters: None
必要參數:無
Optional parameters: None
可選參數:無
Encoding considerations: binary
編碼考慮:二進制
Security considerations: Carries a request for information. This
request may optionally be cryptographically signed.
安全考慮:攜帶一個信息請求。這個請求可以選擇性地進行密碼學簽名。
Interoperability considerations: None
協同能力考慮:無
Published specification: IETF PKIX Working Group Draft on Online Certificate Status
Protocol - OCSP
公布規范:IETF PKIX工作組在線證書狀態協議草案——OCSP
Applications which use this media type: OCSP clients
使用這種媒介類型的應用:OCSP客戶端
Additional information:
附加信息:
Magic number(s): None
魔術號:無
File extension(s): .ORQ
文件擴展名:.ORQ
Macintosh File Type Code(s): none
Macintosh文件類型編碼:無
Person & email address to contact for further information:
Ambarish Malpani <ambarish@valicert.com>
獲取更多信息的聯系人及其電子郵件地址:Ambarish Malpani
<ambarish@valicert.com>
Intended usage: COMMON
計劃用途:普通
Author/Change controller:
Ambarish Malpani <ambarish@valicert.com>
作者/變更控制者:
Ambarish Malpani <ambarish@valicert.com>
C.2 application/ocsp-response
應用/OCSP-回復
To(寄往): ietf-types@iana.org
Subject(主題): Registration of MIME media type application/ocsp-response
MIME media type name: application
MIME媒介類型名稱:應用
MIME subtype name: ocsp-response
MIME副類型名稱:OCSP-回復
Required parameters: None
必要參數:無
Optional parameters: None
可選參數:無
Encoding considerations: binary
編碼考慮:二進制
Security considerations: Carries a cryptographically signed response
安全考慮:攜帶一個經過密碼學簽名的回復
Interoperability considerations: None
協同能力考慮:無
Published specification: IETF PKIX Working Group Draft on Online
Certificate Status Protocol - OCSP
公布規范:IETF PKIX工作組在線證書狀態協議草案——OCSP
Applications which use this media type: OCSP servers
使用這種媒介的應用:OCSP服務器
Additional information:
附加信息
Magic number(s): None
魔術號:無
File extension(s): .ORS
文件擴展名:.ORS
Macintosh File Type Code(s): none
Macintosh文件類型編碼:無
Person & email address to contact for further information:
Ambarish Malpani <ambarish@valicert.com>
獲取更多信息的聯系人及其電子郵件地址:Ambarish Malpani
<ambarish@valicert.com>
Intended usage: COMMON
計劃用途:普通
Author/Change controller:
Ambarish Malpani <ambarish@valicert.com>
作者/變更控制者:
Ambarish Malpani <ambarish@valicert.com>
版權申明
Copyright (C) The Internet Society (1999). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
致謝
感謝Internet協會為RFC編輯職能提供經費。
x.509因特網公鑰基礎設施在線證書狀態協議——OCSP
RFC2560 X.509 Internet Public Key Infrastructure Online Certificate Status Protocol – OCSP
1
RFC文檔中文翻譯計劃