RFC 9654
Online Certificate Status Protocol (OCSP) Nonce Extension, August 2024
- Status: PROPOSED STANDARD
- Obsoletes: RFC 8954
- Updates: RFC 6960
- Author: H. Sharma, Ed.
- Stream: IETF
- Source: lamps (sec)
DOI: https://doi.org/10.17487/RFC9654
Discuss this RFC: Send questions or comments to the mailing list spasm@ietf.org
Abstract
RFC 8954 imposed size constraints on the optional Nonce extension for the Online Certificate Status Protocol (OCSP). OCSP is used to check the status of a certificate, and the Nonce extension is used to cryptographically bind an OCSP response message to a particular OCSP request message.
Some environments use cryptographic algorithms that generate a Nonce value that is longer than 32 octets. This document also modifies the "Nonce" section of RFC 6960 to clearly define and differentiate the encoding format and values for easier implementation and understanding. This document obsoletes RFC 8954, which includes updated ASN.1 modules for OCSP, and updates RFC 6960.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.