module(1) authenticationFramework(7) 3 }
-- PKIX Certificate Extensions
AuthorityInfoAccessSyntax
FROM PKIX1Implicit88 {iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7)
id-mod(0) id-pkix1-implicit-88(2)}
Name, GeneralName, CertificateSerialNumber, Extensions,
id-kp, id-ad-ocsp
FROM PKIX1Explicit88 {iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7)
id-mod(0) id-pkix1-explicit-88(1)};
-- OCSPRequest: top-level request PDU. optionalSignature is OPTIONAL, so a
-- responder must not assume the request (or its requestorName) is
-- authenticated; it can demand a signature with the sigRequired status
-- defined further down in this module.
OCSPRequest ::= SEQUENCE {
tbsRequest TBSRequest, -- the to-be-signed portion
optionalSignature [0] EXPLICIT Signature OPTIONAL }
-- TBSRequest: the part of the request covered by optionalSignature.
-- requestorName is only as trustworthy as that signature: with no signature
-- it is an unverified, client-chosen name. requestList may carry several
-- Request entries in one round trip.
-- NOTE(review): per RFC 2560 s4.4.1 the id-pkix-ocsp-nonce extension that
-- binds a response to this particular request is carried in
-- requestExtensions.
TBSRequest ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
requestorName [1] EXPLICIT GeneralName OPTIONAL,
requestList SEQUENCE OF Request,
requestExtensions [2] EXPLICIT Extensions OPTIONAL }
-- Signature: signature over tbsRequest, plus optional certificates intended
-- to help the responder build the signer's chain. Everything in certs is
-- peer-supplied: validate it to a trust anchor; its mere presence proves
-- nothing about who sent the request.
Signature ::= SEQUENCE {
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
Version ::= INTEGER { v1(0) }
-- Request: one certificate whose status is being asked about, with
-- extensions that apply to this entry only (as opposed to the whole
-- TBSRequest.requestExtensions).
Request ::= SEQUENCE {
reqCert CertID,
singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
-- CertID: identifies the certificate in question by its issuer (hashed
-- name and hashed key, both computed with hashAlgorithm) and its serial
-- number, without sending the certificate itself.
-- NOTE(review): serial numbers are unique only within one issuer, so a
-- match on serialNumber alone is never sufficient; issuerNameHash and
-- issuerKeyHash must match too. The responder echoes this structure as
-- SingleResponse.certID, and the client should compare that echo against
-- what it sent before using the status.
CertID ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of Issuer's DN
issuerKeyHash OCTET STRING, -- Hash of Issuers public key
serialNumber CertificateSerialNumber }
-- OCSPResponse: outer envelope. responseBytes is OPTIONAL and is normally
-- absent for any status other than successful.
-- NOTE(review): this envelope has no signature field of its own; only the
-- BasicOCSPResponse carried inside responseBytes is signed. An error status
-- (tryLater, unauthorized, ...) is therefore unauthenticated and can be
-- injected by anyone on the network path; clients must not treat it as a
-- trustworthy statement about the certificate.
OCSPResponse ::= SEQUENCE {
responseStatus OCSPResponseStatus,
responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
-- OCSPResponseStatus: outcome of the request as a whole, not the status of
-- any particular certificate (that is CertStatus, below). These values sit
-- in the unsigned OCSPResponse envelope and are not covered by any
-- signature, so they cannot be authenticated.
OCSPResponseStatus ::= ENUMERATED {
successful (0), --Response has valid confirmations
malformedRequest (1), --Illegal confirmation request
internalError (2), --Internal error in issuer
tryLater (3), --Try again later
--(4) is not used
sigRequired (5), --Must sign the request
unauthorized (6) --Request unauthorized
}
-- ResponseBytes: a typed, opaque payload. responseType identifies how the
-- OCTET STRING in response is encoded; a client must check that it is an
-- OID it understands (id-pkix-ocsp-basic, defined below, for
-- BasicOCSPResponse) before attempting to decode the bytes.
ResponseBytes ::= SEQUENCE {
responseType OBJECT IDENTIFIER,
response OCTET STRING }
-- BasicOCSPResponse: the signed response (responseType id-pkix-ocsp-basic).
-- signature is computed over tbsResponseData. certs is OPTIONAL and is
-- intended to carry the responder's certificate (and chain); it is
-- peer-supplied data.
-- NOTE(review): a signature that merely verifies under some certificate
-- found in certs proves nothing. The verifier must establish that the
-- signing key belongs to the CA that issued the certificate in question,
-- to a responder that CA has delegated to (a certificate issued by that CA
-- carrying id-kp-OCSPSigning, defined below), or to a locally configured
-- trusted responder (RFC 2560 s4.2.2.2).
BasicOCSPResponse ::= SEQUENCE {
tbsResponseData ResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-- ResponseData: the signed body of a BasicOCSPResponse. producedAt is when
-- the responder generated this response; the per-certificate validity
-- times live in each SingleResponse.
-- NOTE(review): per RFC 2560 s4.4.1 the id-pkix-ocsp-nonce extension echoed
-- from the request is carried in responseExtensions. A client that sent a
-- nonce should compare it; a missing or different nonce means the response
-- is not bound to this request and could be a replay of an older one.
ResponseData ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
responderID ResponderID,
producedAt GeneralizedTime,
responses SEQUENCE OF SingleResponse,
responseExtensions [1] EXPLICIT Extensions OPTIONAL }
-- ResponderID: how the signer identifies itself, either by its subject
-- Name or by a hash of its public key. It is a hint used to locate the
-- signing certificate (e.g. among certs in BasicOCSPResponse); it is
-- unverified until the signature has been checked against that
-- certificate.
ResponderID ::= CHOICE {
byName [1] Name,
byKey [2] KeyHash }
-- KeyHash: SHA-1 of the responder's public key bits (excluding the BIT
-- STRING tag and length). NOTE(review): the algorithm is fixed by the
-- specification here and the value is only an identifier for selecting a
-- certificate, not a security control; it must not be relied on to
-- authenticate the responder, which is done by the signature check.
KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
--(excluding the tag and length fields)
-- SingleResponse: the status of one certificate, keyed by certID (which the
-- client should match against the CertID it sent). thisUpdate is the time
-- at which the status is known to be correct. nextUpdate is OPTIONAL, so
-- when it is absent the structure itself gives no expiry for the status.
-- NOTE(review): clients should apply a maximum age of their own when
-- nextUpdate is missing, and reject responses whose thisUpdate is in the
-- future or whose nextUpdate is in the past (allowing for reasonable clock
-- skew). These times are signed, but are only as good as the responder's
-- clock.
SingleResponse ::= SEQUENCE {
certID CertID,
certStatus CertStatus,
thisUpdate GeneralizedTime,
nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
singleExtensions [1] EXPLICIT Extensions OPTIONAL }
-- CertStatus: good, revoked or unknown.
-- NOTE(review): per RFC 2560 s2.2 "good" means only that the responder has
-- no record of revocation for this serial number; it does not assert that
-- the certificate was ever issued. "unknown" (for example, the responder
-- does not know the issuer) must never be treated as "good".
CertStatus ::= CHOICE {
good [0] IMPLICIT NULL,
revoked [1] IMPLICIT RevokedInfo,
unknown [2] IMPLICIT UnknownInfo }
-- RevokedInfo: when and, optionally, why the certificate was revoked.
-- revocationReason is informational; the certificate is revoked whether or
-- not a reason is supplied.
RevokedInfo ::= SEQUENCE {
revocationTime GeneralizedTime,
revocationReason [0] EXPLICIT CRLReason OPTIONAL }
UnknownInfo ::= NULL -- this can be replaced with an enumeration
ArchiveCutoff ::= GeneralizedTime
AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
-- ServiceLocator: value of the id-pkix-ocsp-service-locator extension
-- (defined below); lets a client tell a responder where the authoritative
-- responder for issuer can be reached so the request can be routed on.
-- NOTE(review): locator is client-supplied. A responder that forwards
-- requests to it is making an outbound connection to a location chosen by
-- an unauthenticated client, so it should restrict or validate the target
-- rather than follow it blindly.
ServiceLocator ::= SEQUENCE {
issuer Name,
locator AuthorityInfoAccessSyntax }
-- Object Identifiers
-- id-kp-OCSPSigning: extended key usage a CA places in the certificate of a
-- responder it has delegated signing to (RFC 2560 s4.2.2.2).
id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
-- Arc under which all OCSP-specific OIDs below are defined.
id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }
id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 } -- responseType for BasicOCSPResponse
id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 } -- request/response nonce that binds a response to one request
id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 } -- CRL reference a responder may include with a revoked status
id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 } -- AcceptableResponses
-- id-pkix-ocsp-nocheck: tells clients not to revocation-check the responder
-- certificate that carries it. NOTE(review): such a certificate is in
-- effect irrevocable from the client's point of view, so per RFC 2560
-- s4.2.2.2.1 it should be short-lived and the key well protected.
id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 } -- ArchiveCutoff
id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 } -- ServiceLocator
END
附录C MIME注册
C.1 application/ocsp-request(应用/OCSP-请求)
To(寄往): ietf-types@iana.org
Subject(主题): Registration of MIME media type application/ocsp-request
MIME media type name: application
MIME媒体类型名称:application
MIME subtype name: ocsp-request
MIME子类型名称:ocsp-request
Required parameters: None
必要参数:无
Optional parameters: None
可选参数:无
Encoding considerations: binary
编码考虑:二进制
Security considerations: Carries a request for information. This
request may optionally be cryptographically signed.
安全考虑:携带一个信息请求。该请求可以选择(而非必须)进行密码学签名;未签名的请求不能证明请求者的身份。
Interoperability considerations: None
互操作性考虑:无
Published specification: IETF PKIX Working Group Draft on Online Certificate Status
Protocol - OCSP
已发布规范:IETF PKIX工作组的在线证书状态协议(OCSP)草案
Applications which use this media type: OCSP clients
使用这种媒介类型的应用:OCSP客户端
Additional information:
附加信息:
Magic number(s): None
魔数:无
File extension(s): .ORQ
文件扩展名:.ORQ
Macintosh File Type Code(s): none
Macintosh文件类型编码:无
Person & email address to contact for further information:
Ambarish Malpani <ambarish@valicert.com>
进一步信息的联系人及电子邮件地址:Ambarish Malpani
<ambarish@valicert.com>
Intended usage: COMMON
预期用途:通用(COMMON)
Author/Change controller:
Ambarish Malpani <ambarish@valicert.com>
作者/变更控制者:
Ambarish Malpani <ambarish@valicert.com>
C.2 application/ocsp-response
(应用/OCSP-响应)
To(寄往): ietf-types@iana.org
Subject(主题): Registration of MIME media type application/ocsp-response
MIME media type name: application
MIME媒体类型名称:application
MIME subtype name: ocsp-response
MIME子类型名称:ocsp-response
Required parameters: None
必要参数:无
Optional parameters: None
可选参数:无
Encoding considerations: binary
编码考虑:二进制
Security considerations: Carries a cryptographically signed response
安全考虑:携带一个经过密码学签名的响应(注:签名位于BasicOCSPResponse内部;外层OCSPResponse中的错误状态本身不受签名保护)
Interoperability considerations: None
互操作性考虑:无
Published specification: IETF PKIX Working Group Draft on Online
Certificate Status Protocol - OCSP
已发布规范:IETF PKIX工作组的在线证书状态协议(OCSP)草案
Applications which use this media type: OCSP servers
使用这种媒介的应用:OCSP服务器
Additional information:
附加信息
Magic number(s): None
魔数:无
File extension(s): .ORS
文件扩展名:.ORS
Macintosh File Type Code(s): none
Macintosh文件类型编码:无
Person & email address to contact for further information:
Ambarish Malpani <ambarish@valicert.com>
进一步信息的联系人及电子邮件地址:Ambarish Malpani
<ambarish@valicert.com>
Intended usage: COMMON
预期用途:通用(COMMON)
Author/Change controller:
Ambarish Malpani <ambarish@valicert.com>
作者/变更控制者:
Ambarish Malpani <ambarish@valicert.com>
版权声明
Copyright (C) The Internet Society (1999). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
致谢
RFC编辑部门的工作经费目前由Internet协会提供。
x.509因特网公钥基础设施在线证书状态协议——OCSP
RFC2560 X.509 Internet Public Key Infrastructure Online Certificate Status Protocol – OCSP
RFC文档中文翻译计划