PKI Mod 3

Prepared by: Dr.Swetha.N.G., Assistant Professor Senior, Dept of Analytics, SCOPE, VIT, Vellore.

BCSE330L Module 3 - Digital Certificates


Public Key Infrastructure and Trust Management

By,
Dr.Swetha.N.G.,
Assistant Professor Senior,
Department of Analytics,
School of Computer Science and Engineering,
Vellore Institute of Technology, Vellore.

Email: [email protected] Mobile: 8903580808 Cabin: PRP 217-16

Introduction to Digital Certificate - Certificate Structure and Semantics – Alternative Certificate Formats - Certificate Policies - Object Identifiers - Policy Authorities - Certification Authority - Key/Certificate Life Cycle Management - Certificate Revocation - Representing certificates in terms of S-Expressions - Certificate Chain. (7 Hours)

1. Introduction to Digital Certificate

• Kohnfelder first introduced the concept of using a signed data structure or certificate to convey the public key to a relying party.
• Public-key certificates are used to bind an entity's name (and possibly additional attributes associated with that entity) with the corresponding public key.
• Different types of certificates
    • X.509 public-key certificates
    • Simple Public Key Infrastructure (SPKI) certificates
    • Pretty Good Privacy (PGP) certificates
    • Attribute certificates

1.1 Digital Certificate

• The term digital certificate is sometimes used to denote a certificate in electronic form.
    • Birth certificate issued by government in electronic form.
    • Public Key Certificate issued by CA
• In accordance with common practice in the PKI industry, we will simply use the term certificate as a shorthand notation for an X.509 Version 3 public-key certificate.

1.2 Certificates

• Public-key certificate
    • These user certificates are assumed to be created by some trusted certification authority (CA) and placed in the directory by the CA or by the user.
    • The directory server itself is not responsible for the creation of public keys or for the certification function; it merely provides an easily accessible location for users to obtain certificates.

2. Certificate Structure and Semantics

2.1 X.509 Version 3

• Setbacks of Version 2
    • The subject field is inadequate to convey the identity of a key owner to a public-key user. X.509 names may be relatively short and lacking in obvious identification details that may be needed by the user.
    • The subject field is also inadequate for many applications, which typically recognize entities by an Internet email address, a URL, or some other Internet related identification.
    • There is a need to indicate security policy information. This enables a security application or function, such as IPSec, to relate an X.509 certificate to a given policy.
    • There is a need to limit the damage that can result from a faulty or malicious CA by setting constraints on the applicability of a particular certificate.
    • It is important to be able to identify different keys used by the same owner at different times. This feature supports key lifecycle management: in particular, the ability to update key pairs for users and CAs on a regular basis or under exceptional circumstances.
• Version 3 - Certificate Extensions

2.2 Certificate Extensions

• Key and Policy Information
    • Authority key identifier
    • Subject key identifier
    • Key usage
    • Private-key usage period
    • Certificate policies
    • Policy mappings
• Certificate Subject and Issuer Attributes
    • Subject alternative name
    • Issuer alternative name
    • Subject directory attributes
• Certification Path Constraints
    • Basic constraints
    • Name constraints
    • Policy constraints

Refer Text Book for detailed elaboration about certificate extensions.

3. Alternative Certificate Formats

• The certificate formats other than X.509 are listed below,
    • SPKI
    • PGP
    • SET
    • Attribute Certificate

3.1 SPKI (Simple Public Key Infrastructure)

• The IETF SPKI Working Group produced a number of technical and informational documents, including
    • SPKI certificate format
    • SPKI certificate theory
    • SPKI requirements
    • SPKI examples
• The SPKI certificate is referred to as an authorization certificate.
• The primary purpose of the SPKI authorization certificate is to convey permissions.
• It also includes the ability to delegate permissions to others.

3.1.1 S-Expressions

• The format of SPKI objects is a simplified form of S-expression.
• An S-expression is a list enclosed in matching "(" and ")", similar to the recursive list data structure of the LISP and Scheme programming languages.

S-Expression: Octet String

• Informally, an S-expression is either:
    • An octet-string
    • A finite list of simpler S-expressions
• An octet-string is a finite sequence of eight-bit octets.
• There may be many different but equivalent ways of representing an octet-string
• The above encodings are all equivalent; they all denote the same octet string.

S-Expression: List

• A list is a finite sequence of zero or more simpler S-expressions.
• A list is represented by using parentheses to surround the sequence of encodings of its elements, as in:
    (abc (de #6667#) "ghi jkl")

S-Expression: Character Set

Types                   Values
Alphabetic              A B ... Z a b ... z
Numeric                 0 1 ... 9
Whitespace              space, horizontal tab, vertical tab, form-feed, carriage-return, line-feed
Pseudo-alphabetic       - hyphen or minus   / slash   : colon   . period   _ underscore   * asterisk   = equal   + plus
Reserved punctuation    ( left parenthesis   ) right parenthesis   [ left bracket   ] right bracket   { left brace   } right brace   | vertical bar   # number sign   " double quote   & ampersand   \ backslash
Unused and unavailable, except in "verbatim" and "quoted string"
                        ! exclamation point   % percent   ^ circumflex   ~ tilde   ; semicolon   ' apostrophe   , comma   < less than   > greater than   ? question mark

S-Expression: Octet String

• An octet-string is any finite sequence of octets; the octet-string may have length zero.
• Verbatim representation
    • A verbatim encoding of an octet string consists of three parts:
        • The length (number of octets) of the octet-string, given in decimal, most significant digit first, with no leading zeros.
        • A colon ":"
        • The octet string itself, verbatim.
    • Eg:
        • 3:abc
        • 7:subject
        • 4:::::
        • 12:hello world!
        • 10:abcdefghij
        • 0:

S-Expression: Octet String

• Quoted-string representation
    • The quoted-string representation of an octet-string consists of:
        • an optional decimal length field
        • an initial double-quote (")
        • the octet string with "C" escape conventions (\n, etc)
        • a final double-quote (")
    • Eg:
        • "subject"
        • "hi there"
        • 7"subject"
        • 3"\n\n\n"
        • "This has\n two lines."
        • "This has \
          one."
        • ""

S-Expression: Octet String

• Token representation
    • An octet string that meets the following conditions may be given directly as a "token".
        • It does not begin with a digit
        • It contains only characters that are: alphabetic (upper or lower case); numeric; or one of the eight "pseudo-alphabetic" punctuation marks:
          - . / _ : * + =
    • Here are some examples of token representations:
        • subject
        • not-before
        • class-of-1997
        • //microsoft.com/names/smith
        • *

S-Expression: Octet String

• Hexadecimal representation
    • An octet-string may be represented with a hexadecimal encoding consisting of:
        • an (optional) decimal length of the octet string
        • a sharp-sign "#"
        • a hexadecimal encoding of the octet string, with each octet represented with two hexadecimal digits, most significant digit first. There MUST be an even number of such digits.
        • a sharp-sign "#"
    • Eg:
        • #616263# -- represents "abc"
        • 3#616263# -- also represents "abc"
        • # 616
          263 # -- also represents "abc"

S-Expression: Octet String

• Base-64 representation
    • An octet-string may be represented in a base-64 coding [RFC4648] consisting of:
        • an (optional) decimal length of the octet string
        • a vertical bar "|"
        • the base-64 [RFC4648] encoding of the octet string.
        • a final vertical bar "|"
    • The base-64 encoding uses only the characters A-Z a-z 0-9 + / =
    • Eg:
        • |YWJj| -- represents "abc"
        • |YW
          J j | -- also represents "abc"
        • 3|YWJj| -- also represents "abc"
        • |YWJjZA==| -- represents "abcd"
        • |YWJjZA| -- also represents "abcd"

S-Expression: Octet String

• Display hint
    • A display-hint is an octet string surrounded by square brackets.
    • Eg:
        • [image/gif]
        • [URI]
        • [charset=unicode-1-1]
        • [text/richtext]
        • [application/postscript]
        • [audio/basic]
        • ["http://abc.com/display-types/funky.html"]

S-Expression: Representation types

• There are three types of representations:
    • Canonical
    • Basic transport
    • Advanced transport
• The first two MUST be supported by any implementation; the last is OPTIONAL.

S-Expression: Canonical representation

• This canonical representation is used for digital signature purposes, transmission, etc.
• It is uniquely defined for each S-expression.
• The "canonical" form of an S-expression represents each octet-string in verbatim mode, and represents each list with no blanks separating elements from each other or from the surrounding parentheses.
• Eg:
    • (6:issuer3:bob)
    • (4:icon[12:image/bitmap]9:xxxxxxxxx)
    • (7:subject(3:ref5:alice6:mother))

S-Expression: Basic transport representation

• There are two forms of the basic transport representation:
    • The canonical representation
    • An [RFC4648] base-64 representation of the canonical representation, surrounded by braces.
• The transport mechanism is intended to provide a universal means of representing S-expressions for transport from one machine to another.
• Eg:
    • (1:a1:b1:c)
    • {KDE6YTE6YjE6YykK}
    • The second example above is the same S-expression as the first encoded in base-64.
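An added example, not part of the original notes: a small Python parser for the octet-string encodings listed above (verbatim, quoted string, token, hexadecimal, base-64, display hint) and the braces form of basic transport, with a serializer for the canonical form. It shows why a verifier hashes the canonical form rather than the bytes it received. The function names and the use of SHA-256 in `digest` are assumptions of this example.

```python
import base64
import hashlib
import re

# Added example: all names here are this example's own, not an SPKI library's.
_WS = re.compile(rb"[ \t\v\f\r\n]*")
_LEN = re.compile(rb"[0-9]*")
_TOKEN = re.compile(rb"[A-Za-z./_:*+=-][A-Za-z0-9./_:*+=-]*")
_QUOTED = re.compile(rb'"((?:[^"\\]|\\[ntr"\\\r\n])*)"')
_ESCAPES = {b"n": b"\n", b"t": b"\t", b"r": b"\r", b"\\": b"\\", b'"': b'"'}

def _skip(d, i):
    return _WS.match(d, i).end()

def _unescape(m):
    # Backslash followed by a line break is a continuation and yields nothing.
    return b"" if m.group(1) in b"\r\n" else _ESCAPES[m.group(1)]

def _between(d, i, mark):
    """Whitespace-stripped text between d[i] and the next `mark` octet."""
    end = d.find(mark, i + 1)
    if end < 0:
        raise ValueError("missing closing %s" % mark.decode())
    return re.sub(rb"\s+", b"", d[i + 1:end]), end + 1

def _b64(text):
    # The page's |YWJjZA| example omits padding, so restore it before decoding.
    return base64.b64decode(text + b"=" * (-len(text) % 4), validate=True)

def _string(d, i):
    """Parse one octet string: verbatim, quoted, hex, base-64 or token."""
    start, i = i, _LEN.match(d, i).end()
    length = int(d[start:i]) if i > start else None
    c = d[i:i + 1]
    if c == b":" and length is not None:         # verbatim
        if i + 1 + length > len(d):
            raise ValueError("verbatim length runs past end of input")
        return d[i + 1:i + 1 + length], i + 1 + length
    if c == b'"':
        m = _QUOTED.match(d, i)
        if not m:
            raise ValueError("malformed quoted string")
        value, i = re.sub(rb"\\(.)", _unescape, m.group(1), flags=re.S), m.end()
    elif c == b"#":
        text, i = _between(d, i, b"#")
        value = bytes.fromhex(text.decode("ascii"))  # odd digit count raises
    elif c == b"|":
        text, i = _between(d, i, b"|")
        value = _b64(text)
    else:
        m = _TOKEN.match(d, i) if length is None else None
        if not m:
            raise ValueError("cannot parse octet string at offset %d" % start)
        return m.group(), m.end()
    if length is not None and length != len(value):
        raise ValueError("declared length %d, decoded %d" % (length, len(value)))
    return value, i

def _expr(d, i):
    c = d[i:i + 1]
    if c == b"(":
        items, i = [], _skip(d, i + 1)
        while d[i:i + 1] != b")":
            if i >= len(d):
                raise ValueError("unclosed list")
            item, i = _expr(d, i)
            items.append(item)
            i = _skip(d, i)
        return items, i + 1
    if c == b"{":                    # basic transport: base-64 of canonical form
        text, i = _between(d, i, b"}")
        return parse(_b64(text)), i
    if c == b"[":                    # display hint, kept with its octet string
        hint, i = _string(d, _skip(d, i + 1))
        i = _skip(d, i)
        if d[i:i + 1] != b"]":
            raise ValueError("unterminated display hint")
        value, i = _string(d, _skip(d, i + 1))
        return (hint, value), i
    return _string(d, i)

def parse(data):
    """Return bytes, a list, or a (hint, bytes) tuple for one S-expression."""
    node, i = _expr(data, _skip(data, 0))
    if _skip(data, i) != len(data):
        raise ValueError("trailing octets after S-expression")
    return node

def canonical(node):
    """Verbatim strings and no blanks: the one form that is hashed and signed."""
    if isinstance(node, list):
        return b"(" + b"".join(canonical(n) for n in node) + b")"
    if isinstance(node, tuple):
        return b"[" + canonical(node[0]) + b"]" + canonical(node[1])
    return b"%d:%b" % (len(node), node)

def digest(data):
    return hashlib.sha256(canonical(parse(data))).hexdigest()
```

Inputs that parse to the same tree give the same `digest` whatever encoding they arrived in, and a length prefix that disagrees with the decoded string is rejected rather than accepted.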

S-Expression: Advanced transport representation

• The "advanced transport" representation is intended to provide more flexible and readable notations for documentation, design, debugging, and (in some cases) user interface.
• The advanced transport representation allows all of the representation forms, including quoted strings, base-64 and hexadecimal representation of strings, tokens, representations of strings with omitted lengths, and so on.

S-Expression: Names

• A name may be represented in one of two ways:
    • As an octet string that does not begin with any special character.
        • Examples: "abc", mary-sue, [email protected], &61
    • As an arbitrary S-expression, enclosed in the form ( Local-Name: n ).
        • ( Local-Name: ( Accounting ( Bob Smith ) ) )

S-Expression: Objects

• It can be of any one of the three types,
    • Attribute Value pair
        • An object of this type has length exactly two.
        • The head (the object type) can be thought of as the “attribute”, and the body contains just one element, which is the associated “value”.
    • Sequence
        • Has as a body a variable-length sequence of one or more elements, all of the same type (or super-type).
    • Set
        • Has as a body a variable number of lists representing objects of distinct basic types.
        • That is, there may be at most one subobject of any given type, with the exception of the subobject type Signed: which may appear multiple times.

S-Expression: Keys and encryption parameters

• Cryptographic keys are represented by an attribute/value object that gives the key type (one of Public-Key:, Private-Key: or Shared-Secret-Key:) with a sub set-type object whose type is the algorithm specified, and whose parts give associated parameters.

S-Expression: Principal

• A SDSI principal is defined as a public signature verification key, one or more optional global names, and one or more optional internet addresses.
• The most important thing about a principal is its ability to verify signed statements; that is why a principal is defined in terms of its public key.

S-Expression: Encrypted Objects

• The encryption of an object X is a set-type object whose parts indicate the encryption key (either a public key or a shared-secret key) used to encrypt the object and give the ciphertext resulting from encrypting an ASCII representation of X.

S-Expression: Signed Objects

• A signature is represented by a set-type object of type Signed:. An example of a minimal object of type Signed: is shown below:

S-Expression: Certificates

• Certificates (certs) are signed (set-type) objects.
• Most certificates contain a Local-Name: (attribute/value) field giving a local name.

S-Expression: Certificate

Show how the certificate is represented in S-Expression with the following information.

Parameters                      Value
Name                            Ram
Security Clearance              Security_Admin
Description                     Max_Privilege
Public key information          Algorithm: RSA with SHA1
                                N: 123456
                                E: 78910
For the purpose of Signature    Algorithm: SHA1
                                Hash Value: =ABC=
                                Date: 01.08.2024
                                Signature: &ABCDE&

S-Expression: Certificates

(Cert:
    (Local-Name: name)
    (Value: Security_Admin)
    (Description: Max_Privilege)
    (Public-Key:
        (RSA-with-SHA1:
            (N: 123456)
            (E: 78910)
        )
    )
    (Signed:
        (Object-Hash: (SHA1: =ABC=))
        (Date: 01.08.2024)
        (Signature: &ABCDE&)
    )
)

Homework

Show how the certificate is represented in S-Expression with the following information.

Parameters                      Value
Name                            AAA
Public key information          Algorithm: RSA with SHA1
                                N: 123456
                                E: 78910
For the purpose of Signature    Algorithm: SHA1
                                Hash Value: =ABC=
                                Date: 01.08.2024
                                Signature: &ABCDE&

Show how the certificate is represented in S-Expression with the following information. The Certificate contains encrypted Public Key.

Parameters                      Value
Name                            Ram
Public key information          Algorithm: RSA with SHA1
                                N: 123456
                                E: 78910
For the purpose of Signature    Algorithm: SHA1
                                Hash Value: =ABC=
                                Date: 01.08.2024
                                Signature: &ABCDE&

3.2 PGP

• Pretty Good Privacy (PGP) is a method for encrypting and digitally signing e-mail messages and files.
• Phil Zimmermann introduced the first version of PGP in the early 1990s.
• The latest version of PGP, referred to as OpenPGP, has been published as an IETF standards-track specification entitled OpenPGP Message Format.
• PGP specifies packet formats that convey messages and files from one entity to another.
• PGP also includes packet formats that convey PGP keys (sometimes referred to as PGP certificates) from one entity to another.

3.2 PGP Certificate Format

• A PGP certificate includes (but is not limited to) the following information:
    • The PGP version number — this identifies which version of PGP was used to create the key associated with the certificate.
    • The certificate holder's public key — the public portion of your key pair, together with the algorithm of the key: RSA, DH (Diffie-Hellman), or DSA (Digital Signature Algorithm).
    • The certificate holder's information — this consists of "identity" information about the user, such as his or her name, user ID, photograph, and so on.
    • The digital signature of the certificate owner — also called a self-signature, this is the signature using the corresponding private key of the public key associated with the certificate.
    • The certificate's validity period — the certificate's start date/ time and expiration date/ time; indicates when the certificate will expire.
    • The preferred symmetric encryption algorithm for the key — indicates the encryption algorithm to which the certificate owner prefers to have information encrypted. The supported algorithms are CAST, IDEA or Triple-DES.

3.3 SET

• Secure Electronic Transaction (SET)
• SET adopts the X.509 Version 3 public-key certificate format, and it defines specific private extensions that have meaning only in a SET context.

3.4 Attribute Certificates

• The X.509 attribute certificate (AC) binds attributes [role, security clearance, group membership and others] to an AC holder.
• AC is used in conjunction with a public key certificate.
• An access control function may make use of the attributes in an AC for authorization, but it is not a replacement for authentication.
• The public key certificate must first be used to perform authentication, then the AC is used to associate attributes with the authenticated identity.
• Fields
    • Version, holder, issuer, signature algorithm identifier, serial number, validity period, attributes, issuer unique identifier, and extensions.

4. Certificate Policies

• A number of policy-related extensions may be present in a given certificate.
• The policy-related extensions refer either directly or indirectly to a certificate policy.
• Certificate Policy
    • A named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements.
    • Eg: Applicability of a certificate towards electronic data exchange.
    • Certificate Policy is a high-level statement of requirements and restrictions associated with the intended use of the certificates issued under that policy
    • Set of rules for the use of certificate
• Certification Practice Statement (CPS):
    • A CPS is an extremely detailed (and potentially extremely sensitive) document that describes the internal operating procedures of the CA and/or PKI that issues those certificates.

4. Certificate Policy

• The CP specifies the preconditions that need to be met in order for certificates to be issued, published and revoked by the certificate authorities (CAs).
• A certificate policy describes the measures taken to validate a certificate’s subject prior to certificate issuance and the intended purposes of the certificate.
• For many organizations, the certificate-issuance policy determines whether the presented certificate will be trusted.
• The CP also lets users and PKI maintainers know how to apply for a certificate, the naming standards for certificates, and more.

4.1 Contents of a Certificate Policy

• A certificate policy should include the following information:
    1. The method through which user’s identity is validated during certificate enrolment.
    2. The certificate’s intended purpose
    3. The type of device in which the certificate’s private key is stored
    4. The subject’s responsibility for the private key associated with the certificate if the private key is compromised or lost
    5. Revocation policies, procedures, and responsibilities

4.2 Object Identifiers

• To easily distinguish one Certificate Policy from another, each Certificate Policy is assigned a globally unique OID.
• One or more OIDs can be specified in the Certificate Policies certificate extension, which can be further qualified as appropriate.
• Certificate Policies can be placed in end-entity certificates as well as CA certificates.
• Cross-certificates may also contain the Policy Mappings extension, which permits a policy OID in one domain to be designated equivalent to a policy OID in another domain.
• Thus, if two PKI domains have each defined a Certificate Policy for the exchange of their own internal e-mail and the two policies are deemed to be equivalent by each domain, defining yet a third policy OID to allow e-mail exchanges between the two domains is not needed.

4.3 Policy Authorities

• Policy authorities (Policy Management Authorities) establish Certificate Policies.
• The policy authority itself may vary from one organization to another.
    • Eg: Each organization may establish its own policies under the authority of the internal Information Technology Security (ITS) department or equivalent.
    • Alternatively, this authority may emanate from a policy advisory board made up of members from each major department in an organization.
    • In concert with the internal authority, an external policy authority may establish the Certificate Policies for a number of PKI domains that belong to the same community of interest.
• In any event, the applicable policy authority is responsible for registering Certificate Policies with the appropriate registration authority (for example, a national registration authority) so that the Certificate Policy OIDs can be assigned appropriately.

4.4 CPS

• While the CP tells a user or maintainer what to do, the CPS tells them how to do it.
• CPS is a public document that should be readily available to all the participants so that a relying party can determine whether the certificates issued by that CA meet its security requirements or not.
• The CPS can contain the following information:
    • How the CA will enforce the measures necessary to validate the certificate’s subject, as required by the certificate policy.
    • The liability of the organization if an act of fraud is performed against the service protected by the certificate and the fault is found to be associated with the certificate.
    • The circumstances under which a certificate can be revoked before its expiration.

4.5 Standard CPS format

• RFC 3647 recommends a standard CPS format which includes the following sections:
    • Introduction
    • Publication and Repository Responsibilities
    • Identification and Authentication (I&A)
        • Initial registration for a certificate
        • Renewal of a certificate
        • Requests for revocation
    • Certificate Life-Cycle Operational Requirements
    • Facility, Management, and Operational Controls
    • Technical Security Controls
    • Certificate, CRL, and OCSP Profiles
    • Compliance Audit and Other Assessment
    • Other Business and Legal Matters

5. Certification Authority

• Certification is the act of binding a subject name (and potentially other attributes) with a public key.
• This binding occurs in the form of a signed data structure referred to as a public-key certificate.
• A Certification Authority (CA) is responsible for issuing these public-key certificates.
• These certificates are digitally signed with the private key of the issuing CA.

6. Key and Certificate Management

• The term key/certificate life-cycle management denotes the life-cycle management functions associated with the creation, issuance, and subsequent cancellation of public/private-key pairs and their associated certificates.
• The key/certificate life-cycle management process is associated with the keying material, not with the identity of the individual, process, or component associated with that keying material.
• Assumptions regarding a comprehensive key/certificate life-cycle management:
    • End-entity management of key and certificate life cycle is not practical.
    • The key/certificate life-cycle management must be automated as much as possible.
    • The key/certificate life-cycle management must not attract attention from the end entity.
    • It requires the secure operation and cooperation of trusted entities such as Registration Authorities (RAs) and Certification Authorities (CAs), as well as client-side software

6. Key/Certificate Life-Cycle Management

• Phases of Key/Certificate Life Cycle
    • Initialization Phase
    • Issued Phase
    • Cancellation Phase

6.1 Initialization Phase

• Initialization is composed of the following:
    • End-entity registration
    • Key pair generation
    • Certificate creation
    • Key/certificate distribution
    • Certificate dissemination
    • Key backup (if applicable)

6.1.1 End Entity Registration

• End-entity registration is the process in which the identity of an individual user or process is established and verified.
• One possible scenario where end-entity initialization involves both an RA and a CA.

Note that other possible scenarios are also available. For example,
• All transactions could flow through the RA,
• The RA component may not exist at all
    • The transactions would flow directly between the end entity and the CA.

6.1.1 End Entity Registration

• The registration process typically includes assigning one or more shared secrets to the end entity in order to authenticate that end entity to the CA.
• The actual registration requirements will vary based on the environment as well as the associated privileges implied by the issuance of a given certificate.
• For example, one might expect the registration process for an end user authorized to approve multimillion dollar transactions to be rather rigid, including
    • Physical presence at the appropriate RA or CA
    • Several forms of photographic identification such as a passport and employee identification badge
    • Any requisite authorization forms.
• The registration procedures associated with credentials that will be used solely for noncommittal e-mail applications are expected to be much less stringent.

6.1.2 Key Pair Generation

• Key pair generation consists of the generation of a public/private-key pair.
• The keying material may be generated in advance of the end-entity registration process or in direct response to the end-entity registration process.
• Keying material may be generated in
  • Client side
  • Trusted Third Party
• Multiple key pairs per end entity can be used to support separate and distinct services.

6.1.2 Key Pair Generation – Two Key Pair Model

• The notion of using distinct key pairs to separate non-repudiation services from confidentiality services is referred to as the two-key pair model.
• The private key used to support digital signatures is referred to as the signing private key, and the corresponding certificate is referred to as the verification certificate.
• The certificate used for encryption purposes is referred to as the encryption certificate, and the corresponding private key is referred to as the decryption private key.

6.1.3 Certificate Creation and Key/Certificate Distribution

• Regardless of where key generation occurs, the responsibility for certificate creation lies solely with an authorized CA.
• If the public key was generated by an entity other than the CA, that public key must be securely conveyed to the CA so that it can be placed within a certificate.
• Certificate distribution requirements depend on several factors
  • Intended use of the certificate
  • Any other considerations such as operational and/or policy constraints
• Further, the distribution requirements associated with the private-keying material depend on where the keying material was generated and whether key backup is required.
  • Client side – No need for distribution
  • Elsewhere – Key must be distributed securely

6.1.4 Certificate Dissemination

• Once the private-key and corresponding public-key certificate have been distributed, one or more methods for conveying the certificate to other end entities must be available.
• Possible methods for disseminating this information include
  • Out-of-band distribution (disseminating certificates to end entities using nonelectronic techniques such as physical delivery)
  • Posting certificates in a public repository or database to facilitate on-demand and on-line retrieval
  • In-band protocol distribution, for example, including the applicable verification certificate with a secure e-mail message (S/MIME)
• In many cases, certificates used for digital signature verification purposes are automatically disseminated to the intended recipients.
• The certificates used for encryption and decryption, by contrast, have to be disseminated.

6.1.5 Key Backup

• Whether a trusted third party backs up a given key pair is determined by the governing policy for the environment under consideration.
• It should also be possible to indicate whether backup is desired during the initialization process.
• In particular, the CA that issues the corresponding certificate might carry out the key backup function, or it might be supported by a separate key backup-and-recovery facility.

6.2 Issued Phase

• Once the private-key and the public-key certificate have been generated and appropriately distributed, the issued phase of the key/certificate life-cycle management begins.
• This phase includes the following:
  • Certificate retrieval
  • Certificate validation
  • Key recovery
  • Key update


6.2.1 Certificate Retrieval

• Certificate retrieval is concerned with the ability to readily access an end-entity certificate when and as required.
• The need to retrieve an end-entity certificate can be driven from two separate usage requirements:
  • The need to encrypt data destined for another end entity
  • The need to verify a digital signature received from another end entity

6.2.2 Certificate Validation

• The process of determining whether a given certificate can be used in a given context is referred to as certificate validation.
• Certificate validation includes determining the following:
  • The certificate has been issued by a recognized trust anchor.
  • The certificate's integrity is sound.
  • The certificate is within its established validity period.
  • The certificate has not been revoked.
  • The certificate is being used in a manner that is consistent with any name constraints, policy constraints, and/or intended usage restrictions.
• Certificate validation is performed before cryptographic operations based on its contained key are permitted.

6.2.3 Key Recovery

• Inevitably, some number of end users will lose access to the private-keying material that is used for decryption purposes.
• Without a key backup-and-recovery capability, the result could be the permanent loss of enterprise-critical information.
• Thus, the key management life cycle includes the ability to recover private decryption keys from a remote backup facility such as a trusted key recovery center or a CA.
• For reasons of scalability and to minimize the burden on both the PKI administrator and the end user, this process must be automated to the maximum extent possible.
• Any comprehensive life-cycle management protocol must include support for this capability.

6.2.4 Key Update

• Certificates are assigned a fixed lifetime when issued.
• When a certificate "nears" expiration, it is necessary to issue a new public/private key and the associated certificate.
• This is referred to as key update.
• This should allow a reasonable transition time for relying parties to acquire the new certificate so as to avoid service outages related to possession of the expired certificate.


6.3 Cancellation Phase

• The key/certificate life-cycle management concludes with the cancellation phase.
• This phase includes the following:
  • Certificate expiration
  • Certificate revocation
  • Key history
  • Key archive

6.3.1 Certificate Expiration

• Eventually, the established validity period of a given certificate will expire.
• When a certificate expires, the following three events can occur with respect to the end entity associated with that certificate:
  • No action occurs when the end entity is no longer enrolled in the PKI.
  • Certificate renewal occurs when the same public key is placed into a new certificate with a new validity period.
  • Certificate update occurs when a new public/private-key pair is generated and a new certificate is issued.


6.3.2 Certificate Revocation


• Certificate revocation is concerned with the timely cancellation of a
given certificate before it might naturally expire.
• The requirement to revoke a certificate can stem from a number of
factors, including
• Suspected private-key compromise
• Change in job status
• Termination of employment
• Under certain circumstances, an end user may personally initiate the
revocation of his or her own certificate


6.3.3 Key History

• Since certificates are issued with fixed lifetimes, encryption keys eventually expire.
• However, this does not mean that all the data that was encrypted with that key should no longer be recoverable.
• It is therefore necessary to reliably and securely store keying material necessary for decryption even though the corresponding encryption certificate has expired.
• This is referred to as key history.

6.3.4 Key Archive

• Key archive is the long-term storage of keying material typically supported by a CA or other trusted party.
• Key archive differs from key history in the sense that archival can be used both for audit purposes and to help resolve disputes, especially when coupled with trusted time-stamping and notarization services.


7. Certificate Revocation

• Certificates are used to bind a name with their corresponding public key.
• Normally, this binding is valid for the full lifetime of the issued certificate.
• However, circumstances arise when an issued certificate should no longer be considered valid, even when the certificate has not yet expired.
• Reasons for Certificate Revocation
  • Compromise of Private Key
  • Change in Job Status
  • Change in Enterprise
  • Erroneous information in the certificate
  • End entity deemed to be untrustworthy
• Therefore, an efficient and reliable method must be provided to revoke a public-key certificate before it might naturally expire.
• Certificates must pass a well-established validation process before they can be used.
• Part of that validation process includes making sure that the certificate under evaluation has not been revoked.
• Essentially, Certification Authorities (CAs) are responsible for posting revocation information in some form or another.
• Relying parties must have a mechanism to either retrieve the revocation information directly or rely on a trusted third party to resolve the question on their behalf.

7. Certificate Revocation (continued)

• Certificate revocation can be implemented in a number of ways.
• One method is to use periodic publication mechanisms such as Certificate Revocation Lists (CRLs), which can be instantiated in a number of different forms or variations.
• There are also alternative on-line query mechanisms such as the Online Certificate Status Protocol (OCSP).
• The acceptable delay between discovering that the certificate should be revoked and actually posting the revocation information in a form that can be retrieved by a relying party should be specified as part of the governing Certificate Policy, and the revocation techniques used within a given domain must adhere to that policy.

7.1 Periodic Publication Mechanisms

• CRLs
  • Complete CRLs
  • Certification Authority Revocation Lists (CARLs)
  • End-entity Public-key Certificate Revocation Lists (EPRLs)
  • CRL Distribution Points (also known as Partitioned CRLs)
  • Delta and Indirect Delta CRLs
  • Indirect CRLs
  • Redirect CRLs
• Certificate Revocation Trees (CRTs)

7.1.1 Certificate Revocation Lists (CRLs)

• CRLs are signed data structures that contain a list of revoked certificates.
• The digital signature appended to the CRL provides the integrity and authenticity of the CRL.
• The signer of the CRL is typically the same entity that signed the issued certificates that are listed in the CRL.
• However, the CRL may be signed by an entity other than the certificate issuer.
• Drawbacks of Version 1
  • Scalability concern and functionality limitation concerns.
• Generic Structure of Version 2 is indicated in the Figure.

7.1.2 Complete CRLs

• It is possible to create complete CRLs so that all revocation information associated with a particular CA domain is posted on a single CRL.
• Complete CRL postings may be appropriate for some CA domains, particularly those in which the number of end entities is relatively small.
• Criticisms levied against the use of complete CRLs
  • Issue of scalability
  • Timeliness of the posted certificate revocation information
• It is fair to conclude that complete CRL postings will not be a viable alternative in many instances.

7.1.3 Certification Authority Revocation Lists (CARLs)

• CARLs do not contain end-user certificate revocation information.
• CARLs are used to revoke the public-key certificates of other CAs.
• The issuer of a CARL is typically either a superior CA or an issuing CA that is revoking a cross-certificate issued by that CA.
• A CARL is identified using the Issuing Distribution Point and/or CRL Scope extension(s).
• Support for indirect CARLs is also possible.
• When validating a certificate path, a valid CARL must be available for each CA that has signed one or more certificates in that path.
• The list of revoked certificates on a CARL will typically be absent or relatively small.
  • Revocation of CA certificates is expected to be quite rare.
  • Generally, a CA certificate need only be revoked when it is decommissioned or when compromise of the CA's private key is known or suspected.

7.1.4 End-entity Public-key Certificate Revocation Lists (EPRLs)

• An EPRL is a CRL devoted exclusively to revocation information that is associated with end entities.
• Thus, by definition, EPRLs do not contain revocation information associated with CAs.
• An EPRL is identified using the Issuing Distribution Point and/or CRL Scope extension(s).
• A single EPRL could contain all the end entity revocation information for a given PKI domain, or it could be partitioned in a variety of ways.

7.1.5 CRL Distribution Points

• AKA Partitioned CRLs
• It allows the revocation information within a single CA domain to be posted in multiple CRLs.
• CRL Distribution Points have two significant benefits over complete CRLs:
  • The revocation information can be subdivided or partitioned into more manageable pieces to avoid the proliferation of voluminous CRLs.
  • The certificates can point to the location of the CRL Distribution Point, so the relying party doesn't need to have prior knowledge of where the revocation information for a particular certificate might reside.

7.1.6 Redirect CRLs

• Partitioned CRL lacks flexibility.
• The Status Referral extension provides a capability to "redirect" a relying party to the appropriate CRL.
• Status Referral can "point to" another location where the target CRL information actually resides.

7.1.7 Delta and Indirect Delta CRLs

• The idea behind Delta CRLs is to allow incremental postings of Certificate Revocation information.
• The revocation information can be relative to a base CRL or it can be relative to a particular point in time.
  • Base CRL
    • Combination of the base CRL and the Delta CRL constitutes all known revocation information, within the indicated scope.
  • Time CRL
    • The Base Revocation Information references a particular point in time from which this Delta CRL provides updates.
• The Delta CRL contains revocation information that was not available when the base CRL was constructed.
  • E.g.: Base CRL constructed 1 time per month. Delta CRL constructed once every day.
• This allows for the publication of relatively small Delta CRLs that can be issued on a much more frequent basis.
• Each subsequently issued Delta CRL contains the complete list of revoked certificates from the previously issued Delta CRL, plus any new certificates that have been revoked.
• Thus, it is only necessary to retrieve the latest Delta CRL.
• Delta CRLs have a validity period associated with them.

7.1.8 Indirect CRLs

• A single PKI domain may have several CAs.
• Rather than force a relying party to retrieve multiple CRLs (one for each CA), the domain may decide to improve efficiency by combining all of that domain's certificate revocation information into one Indirect CRL.
• This may also prove useful in interdomain scenarios, to reduce traffic load and cost.
• One way to determine if a CRL is an Indirect CRL is to examine the Indirect CRL component in the Issuing Distribution Point extension.
• If it is set to TRUE, then the CRL may contain revocation information from multiple sources.

7.1.9 Certificate Revocation Trees (CRTs)

• Paul Kocher proposed another method based on trees, this time hash trees, called Certificate Revocation Trees (CRTs). [ValiCert company]
• The main idea of this system is to build the tree using the revocation information obtained from CAs.
• This is done by a special authority called the CRT issuer.
• A CRT issuer can serve several CAs.
  • The basic action is to write down statements about the numbers of the revoked certificates so that each possible certificate number matches exactly one of these statements.
  • After this, the issuer hashes these statements into a binary hash tree and publishes the value of the root hash.
  • If a user requests information about a certain certificate, the CRT issuer finds the matching statement and sends it back together with the necessary intermediate hashes required to calculate the root value.
• We have three CAs with public key hashes CA1 < CA2 < CA3, where CA1 has revoked 3 certificates (156, 343, and 344), CA2 has revoked no certificates, and CA3 has 1 revoked certificate (987).
• The CRT issuer can now make the following statements about certificate serial number X from a CA whose public key hash is CAX:

N0,0   If: −∞ < CAX < CA1   Then: Unknown CA (revocation status unknown).
N0,1   If: CAX = CA1 and −∞ ≤ X < 156   Then: X is revoked if and only if X = −∞.
N0,2   If: CAX = CA1 and 156 ≤ X < 343   Then: X is revoked if and only if X = 156.
N0,3   If: CAX = CA1 and 343 ≤ X < 344   Then: X is revoked if and only if X = 343.
N0,4   If: CAX = CA1 and 344 ≤ X < ∞   Then: X is revoked if and only if X = 344.
N0,5   If: CA1 < CAX < CA2   Then: Unknown CA (revocation status unknown).
N0,6   If: CAX = CA2 and −∞ ≤ X < ∞   Then: X is revoked if and only if X = −∞.
N0,7   If: CA2 < CAX < CA3   Then: Unknown CA (revocation status unknown).
N0,8   If: CAX = CA3 and −∞ ≤ X < 987   Then: X is revoked if and only if X = −∞.
N0,9   If: CAX = CA3 and 987 ≤ X < ∞   Then: X is revoked if and only if X = 987.
N0,10  If: CA3 < CAX < ∞   Then: Unknown CA (revocation status unknown).

• N2,2 = H(N1,4|N1,5), where H is a hash function and "|" denotes concatenation.
• Root value N4,0 will be made public.

Check the validity of the certificate number 600 from CA1

If: CAX = CA1 and 344 ≤ X < ∞, then: X is revoked if and only if X = 344. (N0,4)

• The verifier can hash this statement structure to get N0,5.
• The supporting nodes in this example are N0,4, N1,3, N2,0 and N3,1.
• The verifier can now use the secure hash function H to compute:
  N1,2 = H(N0,4|N0,5)
  N2,1 = H(N1,2|N1,3)
  N3,0 = H(N2,0|N2,1)
  N4,0 = H(N3,0|N3,1)
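The following Python sketch is an added example (not code from these slides or from Kocher's design). It rebuilds the three-CA statement list above, hashes it into a tree, and has a relying party check the proof for serial 600 from CA1 against the published root. Assumptions: SHA-256 plays the role of H, small integers stand in for the CA public key hashes, a one-byte tag separates leaf hashes from interior hashes, and a node without a partner is promoted unchanged to the next level.

```python
import hashlib

INF = float("inf")

def h(tag, *parts):
    # Assumption: SHA-256 as H; the tag byte (leaf vs interior) is added hardening.
    return hashlib.sha256(tag + b"".join(parts)).digest()

def build_statements(revoked):
    """revoked: {ca_hash: [serials]} -> ordered statements covering every (CAX, X)."""
    stmts, prev = [], -INF
    for ca in sorted(revoked):
        stmts.append(("gap", prev, ca))          # prev < CAX < ca: unknown CA
        bounds = [-INF] + sorted(revoked[ca]) + [INF]
        for lo, hi in zip(bounds, bounds[1:]):
            stmts.append(("range", ca, lo, hi))  # CAX = ca, lo <= X < hi: revoked iff X == lo
        prev = ca
    stmts.append(("gap", prev, INF))
    return stmts

def covers(stmt, ca, serial):
    """True if this statement is the one that speaks about (ca, serial)."""
    if stmt[0] == "gap":
        return stmt[1] < ca < stmt[2]
    return stmt[1] == ca and stmt[2] <= serial < stmt[3]

def leaf_hash(stmt):
    return h(b"\x00", repr(stmt).encode())

def build_tree(stmts):
    """Return every level, leaves first; the last level holds only the root."""
    levels = [[leaf_hash(s) for s in stmts]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [h(b"\x01", cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])                  # unpaired node is promoted unchanged
        levels.append(nxt)
    return levels

def prove(stmts, levels, ca, serial):
    """CRT issuer side: the matching statement plus its supporting nodes."""
    idx = next(i for i, s in enumerate(stmts) if covers(s, ca, serial))
    stmt, path = stmts[idx], []
    for level in levels[:-1]:
        sib = idx ^ 1
        if sib < len(level):
            path.append((level[sib], sib < idx))  # (hash, sibling sits on the left)
        idx //= 2
    return stmt, path

def verify(root, ca, serial, stmt, path):
    """Relying-party side: 'good', 'revoked', 'unknown' or 'invalid-proof'."""
    if not covers(stmt, ca, serial):
        return "invalid-proof"                   # statement is about another range
    node = leaf_hash(stmt)
    for sib, sib_is_left in path:
        node = h(b"\x01", sib, node) if sib_is_left else h(b"\x01", node, sib)
    if node != root:
        return "invalid-proof"                   # does not hash to the published root
    if stmt[0] == "gap":
        return "unknown"
    return "revoked" if serial == stmt[2] else "good"

# Constructed stand-ins for the public key hashes CA1 < CA2 < CA3.
CA1, CA2, CA3 = 10, 20, 30
STATEMENTS = build_statements({CA1: [156, 343, 344], CA2: [], CA3: [987]})
LEVELS = build_tree(STATEMENTS)
ROOT = LEVELS[-1][0]                             # the value the CRT issuer publishes

if __name__ == "__main__":
    stmt, path = prove(STATEMENTS, LEVELS, CA1, 600)
    print(stmt, len(path), verify(ROOT, CA1, 600, stmt, path))
```

The relying party checks two things before trusting the answer: that the returned statement really covers the certificate it asked about, and that the statement hashes up to the published root.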


7.2 On-line Query Mechanisms

• The on-line mechanisms typically require that the relying party be on-line whenever a question regarding the revocation status of a given certificate must be resolved.
• Periodic publication mechanisms are better suited for off-line operation because the revocation information can be cached.
• Online Certificate Status Protocol (OCSP) achieved RFC Proposed Standard status in June 1999.

7.2.1 Online Certificate Status Protocol (OCSP)

• OCSP is a relatively simple request-response protocol that offers a vehicle for obtaining on-line revocation information from a trusted entity referred to as an OCSP responder.

[Figure: OCSP responder replies "good", "revoked" or "unknown"; signed using OCSP responder's private key]

7.2.2 Simple Certificate Validation Protocol (SCVP)

• SCVP is being developed within the PKIX Working Group to enable Delegated Path Validation (DPV) and Delegated Path Discovery (DPD) in the Internet environment.
  • DPV allows a relying party to off-load the certificate validation process to a trusted third party.
  • DPD allows a relying party to off-load the sometimes-intensive certification path construction process to a trusted third party.

References

• SDSI - A Simple Distributed Security Infrastructure (mit.edu)
• https://people.csail.mit.edu/rivest/pubs/RL96.ver-1.1.html#secobjecttypes

