rfc9919v1.txt   rfc9919.txt 
skipping to change at line 12 skipping to change at line 12
Internet Engineering Task Force (IETF) 伊藤 忠彦 (T. Ito) Internet Engineering Task Force (IETF) 伊藤 忠彦 (T. Ito)
Request for Comments: 9919 SECOM CO., LTD. Request for Comments: 9919 SECOM CO., LTD.
Obsoletes: 5019 C. Wilson Obsoletes: 5019 C. Wilson
Category: Standards Track Apple, Inc. Category: Standards Track Apple, Inc.
ISSN: 2070-1721 C. Bonnell ISSN: 2070-1721 C. Bonnell
DigiCert, Inc. DigiCert, Inc.
S. Turner S. Turner
sn3rd sn3rd
January 2026 January 2026
Updates to the Lightweight Online Certificate Status Protocol (OCSP) The Lightweight Online Certificate Status Protocol (OCSP) Profile for
Profile for High Volume Environments High-Volume Environments
Abstract Abstract
This specification defines a profile of the Online Certificate Status This specification defines a profile of the Online Certificate Status
Protocol (OCSP) that addresses the scalability issues inherent when Protocol (OCSP) that addresses the scalability issues inherent when
using OCSP in large scale (high volume) Public Key Infrastructure using OCSP in large scale (high volume) Public Key Infrastructure
(PKI) environments and/or in PKI environments that require a (PKI) environments and/or in PKI environments that require a
lightweight solution to minimize communication bandwidth and client- lightweight solution to minimize communication bandwidth and client-
side processing. side processing.
skipping to change at line 81 skipping to change at line 81
4.1. OCSP Responder Discovery 4.1. OCSP Responder Discovery
4.2. Sending an OCSP Request 4.2. Sending an OCSP Request
5. Ensuring an OCSPResponse Is Fresh 5. Ensuring an OCSPResponse Is Fresh
6. Transport Profile 6. Transport Profile
7. Caching Recommendations 7. Caching Recommendations
7.1. Caching at the Client 7.1. Caching at the Client
7.2. HTTP Proxies 7.2. HTTP Proxies
7.3. Caching at Servers 7.3. Caching at Servers
8. Security Considerations 8. Security Considerations
8.1. Replay Attacks 8.1. Replay Attacks
8.2. Man-in-the-Middle Attacks 8.2. On-Path Attacks
8.3. Impersonation Attacks 8.3. Impersonation Attacks
8.4. Denial-of-Service Attacks 8.4. Denial-of-Service Attacks
8.5. Modification of HTTP Header Fields 8.5. Modification of HTTP Header Fields
8.6. Request Authentication and Authorization 8.6. Request Authentication and Authorization
8.7. Use of SHA-1 for the Calculation of CertID Field Values 8.7. Use of SHA-1 for the Calculation of CertID Field Values
9. IANA Considerations 9. IANA Considerations
10. References 10. References
10.1. Normative References 10.1. Normative References
10.2. Informative References 10.2. Informative References
Appendix A. Differences from RFC 5019 Appendix A. Differences from RFC 5019
Appendix B. Examples Appendix B. Examples
B.1. Root Certification Authority Certificate B.1. Root CA Certificate
B.2. End-Entity Certificate B.2. End-Entity Certificate
B.3. OCSP Responder Certificate B.3. OCSP Responder Certificate
B.4. OCSP Request B.4. OCSP Request
B.5. OCSP Response B.5. OCSP Response
Acknowledgments Acknowledgments
Authors' Addresses Authors' Addresses
1. Introduction 1. Introduction
The Online Certificate Status Protocol [RFC6960] specifies a The Online Certificate Status Protocol [RFC6960] specifies a
skipping to change at line 212 skipping to change at line 212
reqCert CertID, reqCert CertID,
singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
CertID ::= SEQUENCE { CertID ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier, hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of issuer's DN issuerNameHash OCTET STRING, -- Hash of issuer's DN
issuerKeyHash OCTET STRING, -- Hash of issuer's public key issuerKeyHash OCTET STRING, -- Hash of issuer's public key
serialNumber CertificateSerialNumber } serialNumber CertificateSerialNumber }
OCSPRequests that conform to the profile in this document MUST OCSPRequests that conform to the profile in this document MUST
include only one Request in the OCSPRequest.RequestList structure. include only one Request in the OCSPRequest.requestList structure.
The CertID.issuerNameHash and CertID.issuerKeyHash fields contain The CertID.issuerNameHash and CertID.issuerKeyHash fields contain
hashes of the issuer's distinguished name (DN) and public key, hashes of the issuer's distinguished name (DN) and public key,
respectively. OCSP clients that conform with this profile MUST use respectively. OCSP clients that conform with this profile MUST use
SHA-256, as defined in Section 2.2 of [RFC5754], as the hashing SHA-256, as defined in Section 2.2 of [RFC5754], as the hashing
algorithm for the CertID.issuerNameHash and the CertID.issuerKeyHash algorithm for the CertID.issuerNameHash and the CertID.issuerKeyHash
values. values.
Older OCSP clients that provide backward compatibility with [RFC5019] Older OCSP clients that provide backward compatibility with [RFC5019]
use SHA-1, as defined in [RFC3174], as the hashing algorithm for the use SHA-1, as defined in [RFC3174], as the hashing algorithm for the
skipping to change at line 285 skipping to change at line 285
responses SEQUENCE OF SingleResponse, responses SEQUENCE OF SingleResponse,
responseExtensions [1] EXPLICIT Extensions OPTIONAL } responseExtensions [1] EXPLICIT Extensions OPTIONAL }
SingleResponse ::= SEQUENCE { SingleResponse ::= SEQUENCE {
certID CertID, certID CertID,
certStatus CertStatus, certStatus CertStatus,
thisUpdate GeneralizedTime, thisUpdate GeneralizedTime,
nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
singleExtensions [1] EXPLICIT Extensions OPTIONAL } singleExtensions [1] EXPLICIT Extensions OPTIONAL }
Responders MUST generate a BasicOCSPResponse as identified by the id- Responders MUST generate a BasicOCSPResponse as identified by the
pkix-ocsp-basic OID. Clients MUST be able to parse and accept a id-pkix-ocsp-basic OID. Clients MUST be able to parse and accept a
BasicOCSPResponse. OCSPResponses that conform to this profile SHOULD BasicOCSPResponse. OCSPResponses that conform to this profile SHOULD
include only one SingleResponse in the ResponseData.responses include only one SingleResponse in the ResponseData.responses
structure but MAY include additional SingleResponse elements if structure but MAY include additional SingleResponse elements if
necessary to improve response pre-generation performance or cache necessary to improve response pre-generation performance or cache
efficiency and to ensure backward compatibility. For instance, to efficiency and to ensure backward compatibility. For instance, to
provide support to OCSP clients that do not yet support the use of provide support to OCSP clients that do not yet support the use of
SHA-256 for CertID hash calculation, the OCSP responder MAY include SHA-256 for CertID hash calculation, the OCSP responder MAY include
two SingleResponses in a BasicOCSPResponse. In that two SingleResponse elements in a BasicOCSPResponse. In that
BasicOCSPResponse, the CertID of one of the SingleResponses uses BasicOCSPResponse, the CertID of one of the SingleResponse structures
SHA-1 for the hash calculation, and the CertID in the other uses SHA-1 for the hash calculation, and the CertID in the other
SingleResponse uses SHA-256. OCSP responders SHOULD NOT distribute SingleResponse uses SHA-256. OCSP responders SHOULD NOT distribute
OCSP responses that contain CertIDs that use SHA-1 if the OCSP OCSP responses that contain CertIDs that use SHA-1 if the OCSP
responder has no clients that require the use of SHA-1. Operators of responder has no clients that require the use of SHA-1. Operators of
OCSP responders may consider logging the hash algorithm used by OCSP OCSP responders may consider logging the hash algorithm used by OCSP
clients to inform their determination of when it is appropriate to clients to inform their determination of when it is appropriate to
obsolete the distribution of OCSP responses that employ SHA-1 for obsolete the distribution of OCSP responses that employ SHA-1 for
CertID field hashes. See Section 8.7 for more information on the CertID field hashes. See Section 8.7 for more information on the
security considerations for the continued use of SHA-1. security considerations for the continued use of SHA-1.
The responder SHOULD NOT include responseExtensions. As specified in The responder SHOULD NOT include responseExtensions. As specified in
skipping to change at line 326 skipping to change at line 326
Clients SHOULD attempt to process a response even if the response Clients SHOULD attempt to process a response even if the response
does not include a nonce. See Section 5 for details on validating does not include a nonce. See Section 5 for details on validating
responses that do not contain a nonce. See also Section 8 for responses that do not contain a nonce. See also Section 8 for
relevant security considerations. relevant security considerations.
Responders that do not have the ability to respond to OCSP requests Responders that do not have the ability to respond to OCSP requests
that contain an unsupported option such as a nonce MAY forward the that contain an unsupported option such as a nonce MAY forward the
request to an OCSP responder capable of doing so. request to an OCSP responder capable of doing so.
The responder MAY include the singleResponse.singleResponse The responder MAY include the SingleResponse.SingleExtensions
extensions structure. extensions structure.
3.2.2. Signed OCSPResponses 3.2.2. Signed OCSPResponses
Clients MUST validate the signature on the OCSPResponse. Clients MUST validate the signature on the OCSPResponse.
If the response is signed by a delegate of the issuing certification If the response is signed by a delegate of the issuing certification
authority (CA), a valid responder certificate MUST be referenced in authority (CA), a valid responder certificate MUST be referenced in
the BasicOCSPResponse.certs structure. the BasicOCSPResponse.certs structure.
It is RECOMMENDED that the OCSP responder's certificate contain the It is RECOMMENDED that the OCSP responder's certificate contain the
id-pkix-ocsp-nocheck extension, as defined in [RFC6960], to indicate id-pkix-ocsp-nocheck extension, as defined in [RFC6960], to indicate
to the client that it need not check the certificate's status. In to the client that it need not check the certificate's status. In
addition, it is RECOMMENDED that neither an OCSP authorityInfoAccess addition, it is RECOMMENDED that neither an OCSP Authority
(AIA) extension nor cRLDistributionPoints (CRLDP) extension be Information Access (AIA) extension nor CRL Distribution Points
included in the OCSP responder's certificate. Accordingly, the (CRLDP) extension be included in the OCSP responder's certificate.
responder's signing certificate SHOULD be relatively short-lived and Accordingly, the responder's signing certificate SHOULD be relatively
renewed regularly. short-lived and renewed regularly.
Clients MUST be able to identify OCSP responder certificates using Clients MUST be able to identify OCSP responder certificates using
the byKey field and SHOULD be able to identify OCSP responder the byKey field and SHOULD be able to identify OCSP responder
certificates using the byName field of the ResponseData.ResponderID certificates using the byName field of the ResponseData.ResponderID
[RFC6960] choices. [RFC6960] choices.
Older responders that provide backward compatibility with [RFC5019] Older responders that provide backward compatibility with the
MAY use the byName field to represent the ResponderID but should protocol defined in [RFC5019] MAY use the byName field to represent
transition to using the byKey field as soon as practical. the ResponderID but should transition to using the byKey field as
soon as practical.
Newer responders that conform to this profile MUST use the byKey Newer responders that conform to this profile MUST use the byKey
field to represent the ResponderID to reduce the size of the field to represent the ResponderID to reduce the size of the
response. response.
3.2.3. OCSPResponseStatus Values 3.2.3. OCSPResponseStatus Values
As long as the OCSP infrastructure has authoritative records for a As long as the OCSP infrastructure has authoritative records for a
particular certificate, an OCSPResponseStatus of "successful" will be particular certificate, an OCSPResponseStatus of "successful" will be
returned. When access to authoritative records for a particular returned. When access to authoritative records for a particular
certificate is not available, the responder MUST return an certificate is not available, the responder MUST return an
OCSPResponseStatus of "unauthorized". As such, this profile extends OCSPResponseStatus of "unauthorized".
the [RFC6960] definition of "unauthorized" as follows:
The response "unauthorized" is returned in cases where the client is
not authorized to make this query to this responder or the responder
is not capable of responding authoritatively.
For example, OCSP responders that do not have access to authoritative For example, OCSP responders that do not have access to authoritative
records for a requested certificate, such as those that generate and records for a requested certificate, such as those that generate and
distribute OCSP responses in advance and thus do not have the ability distribute OCSP responses in advance and thus do not have the ability
to properly respond with a signed "successful" yet "unknown" to properly respond with a signed "successful" yet "unknown"
response, will respond with an OCSPResponseStatus of "unauthorized". response, will respond with an OCSPResponseStatus of "unauthorized".
Also, in order to ensure the database of revocation information does Also, in order to ensure the database of revocation information does
not grow unbounded over time, the responder MAY remove the status not grow unbounded over time, the responder MAY remove the status
records of expired certificates. Requests from clients for records of expired certificates. Requests from clients for
certificates whose record has been removed will result in an certificates whose record has been removed will result in an
skipping to change at line 417 skipping to change at line 413
For the purposes of this profile, ASN.1-encoded GeneralizedTime For the purposes of this profile, ASN.1-encoded GeneralizedTime
values, such as thisUpdate, nextUpdate, and producedAt, MUST be values, such as thisUpdate, nextUpdate, and producedAt, MUST be
expressed Greenwich Mean Time (Zulu) and MUST include seconds (i.e., expressed Greenwich Mean Time (Zulu) and MUST include seconds (i.e.,
times are YYYYMMDDHHMMSSZ), even where the number of seconds is zero. times are YYYYMMDDHHMMSSZ), even where the number of seconds is zero.
GeneralizedTime values MUST NOT include fractional seconds. GeneralizedTime values MUST NOT include fractional seconds.
4. Client Behavior 4. Client Behavior
4.1. OCSP Responder Discovery 4.1. OCSP Responder Discovery
Clients MUST support the authorityInfoAccess extension as defined in Clients MUST support the AIA extension as defined in [RFC5280] and
[RFC5280] and MUST recognize the id-ad-ocsp access method. This MUST recognize the id-ad-ocsp access method. This enables CAs to
enables CAs to inform clients how they can contact the OCSP service. inform clients how they can contact the OCSP service.
In the case where a client is checking the status of a certificate In the case where a client is checking the status of a certificate
that contains both an authorityInformationAccess (AIA) extension that contains both an AIA extension pointing to an OCSP responder and
pointing to an OCSP responder and a cRLDistributionPoints extension a CRLDP extension pointing to a CRL, the client SHOULD attempt to
pointing to a CRL, the client SHOULD attempt to contact the OCSP contact the OCSP responder first. Clients MAY attempt to retrieve
responder first. Clients MAY attempt to retrieve the CRL if no the CRL if no OCSPResponse is received from the responder after a
OCSPResponse is received from the responder after a locally locally configured timeout and number of retries.
configured timeout and number of retries.
4.2. Sending an OCSP Request 4.2. Sending an OCSP Request
To avoid needless network traffic, applications MUST verify the To avoid needless network traffic, applications MUST verify the
signature of signed data before asking an OCSP client to check the signature of signed data before asking an OCSP client to check the
status of certificates used to verify the data. If the signature is status of certificates used to verify the data. If the signature is
invalid or the application is not able to verify it, an OCSP check invalid or the application is not able to verify it, an OCSP check
MUST NOT be requested. MUST NOT be requested.
Similarly, an application MUST validate the signature on certificates Similarly, an application MUST validate the signature on certificates
skipping to change at line 488 skipping to change at line 483
and caches. This tolerance period should be chosen based on the and caches. This tolerance period should be chosen based on the
accuracy and precision of time synchronization technology available accuracy and precision of time synchronization technology available
to the calling application environment. For example, Internet peers to the calling application environment. For example, Internet peers
with low latency connections typically expect NTP time with low latency connections typically expect NTP time
synchronization to keep them accurate within parts of a second; synchronization to keep them accurate within parts of a second;
higher latency environments or where an NTP analogue is not available higher latency environments or where an NTP analogue is not available
may have to be more liberal in their tolerance (e.g., allow one day may have to be more liberal in their tolerance (e.g., allow one day
difference). difference).
See the security considerations in Section 8 for additional details See the security considerations in Section 8 for additional details
on replay and man-in-the-middle attacks. on replay and on-path attacks.
6. Transport Profile 6. Transport Profile
OCSP clients can send HTTP-based OCSP requests using either the GET OCSP clients can send HTTP-based OCSP requests using either the GET
or POST method. The OCSP responder MUST support requests and or POST method. The OCSP responder MUST support requests and
responses over HTTP. When sending requests that are less than or responses over HTTP. When sending requests that are less than or
equal to 255 bytes in total (after encoding) including the scheme and equal to 255 bytes in total (after encoding), including the scheme
delimiters (http://), server name and base64-encoded OCSPRequest and delimiters (http://), server name, and base64-encoded OCSPRequest
structure, clients MUST use the GET method (to enable OCSP response structure, clients MUST use the GET method (to enable OCSP response
caching). OCSP requests larger than 255 bytes SHOULD be submitted caching). OCSP requests larger than 255 bytes SHOULD be submitted
using the POST method. In all cases, clients MUST follow the using the POST method. In all cases, clients MUST follow the
descriptions in Appendix A.1 of [RFC6960] when constructing these descriptions in Appendix A.1 of [RFC6960] when constructing these
messages. messages.
When constructing a GET message, OCSP clients MUST base64-encode the When constructing a GET message, OCSP clients MUST base64-encode the
OCSPRequest structure according to Section 4 of [RFC4648]. Clients OCSPRequest structure according to Section 4 of [RFC4648]. Clients
MUST NOT include whitespace or any other characters that are not part MUST NOT include whitespace or any other characters that are not part
of the base64 character repertoire in the base64-encoded string. of the base64 character repertoire in the base64-encoded string.
skipping to change at line 619 skipping to change at line 614
in authoritative OCSP responses. in authoritative OCSP responses.
OCSP responders SHOULD include one or more of these HTTP header OCSP responders SHOULD include one or more of these HTTP header
fields in non-authoritative OCSP responses. fields in non-authoritative OCSP responses.
For example, assume that an OCSP response has the following timestamp For example, assume that an OCSP response has the following timestamp
values: values:
thisUpdate = March 19, 2023 01:00:00 GMT thisUpdate = March 19, 2023 01:00:00 GMT
nextUpdate = March 21, 2023 01:00:00 GMT nextUpdate = March 21, 2023 01:00:00 GMT
productedAt = March 19, 2023 01:00:00 GMT producedAt = March 19, 2023 01:00:00 GMT
and that an OCSP client requests the response on March 20, 2023 and that an OCSP client requests the response on March 20, 2023
01:00:00 GMT. In this scenario, the HTTP response may look like 01:00:00 GMT. In this scenario, the HTTP response may look like
this: this:
Content-Type: application/ocsp-response Content-Type: application/ocsp-response
Content-Length: 1000 Content-Length: 1000
Date: Mon, 20 Mar 2023 01:00:00 GMT Date: Mon, 20 Mar 2023 01:00:00 GMT
Last-Modified: Sun, 19 Mar 2023 01:00:00 GMT Last-Modified: Sun, 19 Mar 2023 01:00:00 GMT
ETag: "97df3588b5a3f24babc3851b372f0ba7 ETag: "97df3588b5a3f24babc3851b372f0ba7
skipping to change at line 665 skipping to change at line 660
to establish a new HTTP session with the OCSP responder. to establish a new HTTP session with the OCSP responder.
Third, it reduces the number of round trips the client needs to make Third, it reduces the number of round trips the client needs to make
in order to complete a handshake. in order to complete a handshake.
Fourth, it simplifies the client-side OCSP implementation by enabling Fourth, it simplifies the client-side OCSP implementation by enabling
a situation where the client need only the ability to parse and a situation where the client need only the ability to parse and
recognize OCSP responses. recognize OCSP responses.
This functionality has been specified as an extension to the TLS This functionality has been specified as an extension to the TLS
protocol [RFC9846] in Section 4.4.2 of [RFC9846] but can be applied protocol in Section 4.4.2 of [RFC9846] but can be applied to any
to any client-server protocol. client-server protocol.
It is RECOMMENDED by this profile that both TLS clients and servers It is RECOMMENDED by this profile that both TLS clients and servers
implement the certificate status request extension mechanism for TLS. implement the certificate status request extension mechanism for TLS.
Further information regarding caching issues can be obtained from Further information regarding caching issues can be obtained from
[RFC3143]. [RFC3143].
8. Security Considerations 8. Security Considerations
The following considerations apply in addition to the security The following considerations apply in addition to the security
skipping to change at line 695 skipping to change at line 690
order to mitigate this attack, clients MUST have access to an order to mitigate this attack, clients MUST have access to an
accurate source of time and ensure that the OCSP responses they accurate source of time and ensure that the OCSP responses they
receive are sufficiently fresh. receive are sufficiently fresh.
Clients that do not have an accurate source of date and time are Clients that do not have an accurate source of date and time are
vulnerable to service disruption. For example, a client with a vulnerable to service disruption. For example, a client with a
sufficiently fast clock may reject a fresh OCSP response. Similarly, sufficiently fast clock may reject a fresh OCSP response. Similarly,
a client with a sufficiently slow clock may incorrectly accept a client with a sufficiently slow clock may incorrectly accept
expired valid responses for certificates that may in fact be revoked. expired valid responses for certificates that may in fact be revoked.
Future versions of the OCSP protocol may provide a way for the client Future versions of OCSP may provide a way for the client to know
to know whether the responder supports nonces or does not support whether the responder supports nonces or does not support nonces. If
nonces. If a client can determine that the responder supports a client can determine that the responder supports nonces, it MUST
nonces, it MUST reject a reply that does not contain an expected reject a reply that does not contain an expected nonce. Otherwise,
nonce. Otherwise, clients that opt to include a nonce in the request clients that opt to include a nonce in the request SHOULD NOT reject
SHOULD NOT reject a corresponding OCSPResponse solely on the basis of a corresponding OCSPResponse solely on the basis of the nonexistent
the nonexistent expected nonce but MUST fall back to validating the expected nonce but MUST fall back to validating the OCSPResponse
OCSPResponse based on time. based on time.
8.2. Man-in-the-Middle Attacks 8.2. On-Path Attacks
To mitigate risk associated with this class of attack, the client To mitigate risk associated with this class of attack, the client
MUST properly validate the signature on the response. MUST properly validate the signature on the response.
The use of signed responses in OCSP serves to authenticate the The use of signed responses in OCSP serves to authenticate the
identity of the OCSP responder and to verify that it is authorized to identity of the OCSP responder and to verify that it is authorized to
sign responses on the CA's behalf. sign responses on the CA's behalf.
Clients MUST ensure that they are communicating with an authorized Clients MUST ensure that they are communicating with an authorized
responder by the rules described in Section 4.2.2.2 of [RFC6960]. responder by the rules described in Section 4.2.2.2 of [RFC6960].
skipping to change at line 830 skipping to change at line 825
Ed., "HTTP Caching", STD 98, RFC 9111, Ed., "HTTP Caching", STD 98, RFC 9111,
DOI 10.17487/RFC9111, June 2022, DOI 10.17487/RFC9111, June 2022,
<https://www.rfc-editor.org/info/rfc9111>. <https://www.rfc-editor.org/info/rfc9111>.
[RFC9846] Rescorla, E., "The Transport Layer Security (TLS) Protocol [RFC9846] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 9846, DOI 10.17487/RFC9846, January Version 1.3", RFC 9846, DOI 10.17487/RFC9846, January
2026, <https://www.rfc-editor.org/info/rfc9846>. 2026, <https://www.rfc-editor.org/info/rfc9846>.
10.2. Informative References 10.2. Informative References
[OCSPMP] Open Mobile Alliance, "OCSP Mobile Profile V1.0", [OCSPMP] Open Mobile Alliance, "Online Certificate Status Protocol
<https://www.openmobilealliance.org>. Mobile Profile", Candidate Version V1.0, 27 January 2004,
<https://www.openmobilealliance.org/release/OCSP/
V1_0-20040127-C/OMA-WAP-OCSP-V1_0-20040127-C.pd>.
[RFC3143] Cooper, I. and J. Dilley, "Known HTTP Proxy/Caching [RFC3143] Cooper, I. and J. Dilley, "Known HTTP Proxy/Caching
Problems", RFC 3143, DOI 10.17487/RFC3143, June 2001, Problems", RFC 3143, DOI 10.17487/RFC3143, June 2001,
<https://www.rfc-editor.org/info/rfc3143>. <https://www.rfc-editor.org/info/rfc3143>.
[RFC3174] Eastlake 3rd, D. and P. Jones, "US Secure Hash Algorithm 1 [RFC3174] Eastlake 3rd, D. and P. Jones, "US Secure Hash Algorithm 1
(SHA1)", RFC 3174, DOI 10.17487/RFC3174, September 2001, (SHA1)", RFC 3174, DOI 10.17487/RFC3174, September 2001,
<https://www.rfc-editor.org/info/rfc3174>. <https://www.rfc-editor.org/info/rfc3174>.
[RFC9500] Gutmann, P. and C. Bonnell, "Standard Public Key [RFC9500] Gutmann, P. and C. Bonnell, "Standard Public Key
skipping to change at line 875 skipping to change at line 872
* Section 3.2.2 requires new OCSP responders to use the byKey field * Section 3.2.2 requires new OCSP responders to use the byKey field
and support migration from byName fields. and support migration from byName fields.
* Section 6 clarifies that OCSP clients MUST NOT include whitespace * Section 6 clarifies that OCSP clients MUST NOT include whitespace
or any other characters that are not part of the base64 character or any other characters that are not part of the base64 character
repertoire in the base64-encoded string. repertoire in the base64-encoded string.
Appendix B. Examples Appendix B. Examples
B.1. Root Certification Authority Certificate B.1. Root CA Certificate
This is a self-signed certificate for the certification authority This is a self-signed certificate for the CA that issued the end-
that issued the end-entity certificate and OCSP-delegated responder entity certificate and OCSP-delegated responder example certificates
example certificates below. below.
The key pair for the certification authority is the "testECCP521" key The key pair for the CA is the "testECCP521" key from Section 2.3 of
from Section 2.3 of [RFC9500]. [RFC9500].
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICKDCCAYqgAwIBAgIBATAKBggqhkjOPQQDBDA4MQswCQYDVQQGEwJYWDEUMBIG MIICKDCCAYqgAwIBAgIBATAKBggqhkjOPQQDBDA4MQswCQYDVQQGEwJYWDEUMBIG
A1UECgwLQ2VydHMgJ3IgVXMxEzARBgNVBAMMCklzc3VpbmcgQ0EwHhcNMjQwNDAy A1UECgwLQ2VydHMgJ3IgVXMxEzARBgNVBAMMCklzc3VpbmcgQ0EwHhcNMjQwNDAy
MTIzNzQ3WhcNMjUwNDAyMTIzNzQ3WjA4MQswCQYDVQQGEwJYWDEUMBIGA1UECgwL MTIzNzQ3WhcNMjUwNDAyMTIzNzQ3WjA4MQswCQYDVQQGEwJYWDEUMBIGA1UECgwL
Q2VydHMgJ3IgVXMxEzARBgNVBAMMCklzc3VpbmcgQ0EwgZswEAYHKoZIzj0CAQYF Q2VydHMgJ3IgVXMxEzARBgNVBAMMCklzc3VpbmcgQ0EwgZswEAYHKoZIzj0CAQYF
K4EEACMDgYYABAHQ/XJXqEx0f1YldcBzhdvr8vUr6lgIPbgv3RUx2KrjzIdf8C/3 K4EEACMDgYYABAHQ/XJXqEx0f1YldcBzhdvr8vUr6lgIPbgv3RUx2KrjzIdf8C/3
+i2iYNjrYtbS9dZJJ44yFzagYoy7swMItuYY2wD2KtIExkYDWbyBiriWG/Dw/A7F +i2iYNjrYtbS9dZJJ44yFzagYoy7swMItuYY2wD2KtIExkYDWbyBiriWG/Dw/A7F
quikKBc85W8A3psVfB5cgsZPVi/K3vxKTCj200LPPvYW/ILTO3KFySHyvzb92KNC quikKBc85W8A3psVfB5cgsZPVi/K3vxKTCj200LPPvYW/ILTO3KFySHyvzb92KNC
MEAwHQYDVR0OBBYEFI7CFAlgduqQOOk5rhttUsQXfZ++MA8GA1UdEwEB/wQFMAMB MEAwHQYDVR0OBBYEFI7CFAlgduqQOOk5rhttUsQXfZ++MA8GA1UdEwEB/wQFMAMB
skipping to change at line 1586 skipping to change at line 1583
: } : }
: } : }
: } : }
: } : }
: } : }
Acknowledgments Acknowledgments
The authors of this version of the document wish to thank Alex Deacon The authors of this version of the document wish to thank Alex Deacon
and Ryan Hurst for their work to produce the original version of the and Ryan Hurst for their work to produce the original version of the
lightweight profile for the OCSP protocol. lightweight profile for OCSP.
The authors of this version of the document wish to thank Paul The authors of this version of the document wish to thank Paul
Kyzivat, Russ Housley, Rob Stradling, Roman Danyliw, and Wendy Brown Kyzivat, Russ Housley, Rob Stradling, Roman Danyliw, and Wendy Brown
for their reviews, feedback, and suggestions. for their reviews, feedback, and suggestions.
The authors wish to thank Magnus Nystrom of RSA Security, Inc., The authors wish to thank Magnus Nystrom of RSA Security, Inc.,
Jagjeet Sondh of Vodafone Group R&D, and David Engberg of CoreStreet, Jagjeet Sondh of Vodafone Group R&D, and David Engberg of CoreStreet,
Ltd. for their contributions to the original [RFC5019] specification. Ltd. for their contributions to the original [RFC5019] specification.
Listed organizational affiliations reflect the authors' affiliations Listed organizational affiliations reflect the authors' affiliations
at the time RFC 5019 was published. at the time RFC 5019 was published.
 End of changes. 23 change blocks. 
58 lines changed or deleted 55 lines changed or added

This html diff was produced by rfcdiff 1.48.