Basic PKI Implementation
- Alice and Bob have public key certificates issued by Ivan, the Certificate Authority (CA).
- Alice wishes to perform a transaction with Bob and sends him her public key certificate.
- Bob, concerned that Alice's private key may have been compromised, creates an 'OCSP request' that contains Alice's certificate serial number and sends it to Ivan.
- Ivan's OCSP responder reads the certificate serial number from Bob's request. The OCSP responder uses the certificate serial number to look up the revocation status of Alice's certificate. The OCSP responder looks in a CA database that Ivan maintains. In this scenario, Ivan's CA database is the only trusted location where a compromise to Alice's certificate would be recorded.
- Ivan's OCSP responder confirms that Alice's certificate is still OK, and returns a signed, successful 'OCSP response' to Bob.
- Bob cryptographically verifies Ivan's signed response. Bob has stored Ivan's public key sometime before this transaction. Bob uses Ivan's public key to verify Ivan's response.
- Bob completes the transaction with Alice.
Read more about this topic: Online Certificate Status Protocol
Famous quotes containing the word basic:
“The gay world that flourished in the half-century between 1890 and the beginning of the Second World War, a highly visible, remarkably complex, and continually changing gay male world, took shape in New York City.... It is not supposed to have existed.”
—George Chauncey, U.S. educator, author. Gay New York: Gender, Urban Culture, and the Making of the Gay Male World, 1890-1940, p. 1, Basic Books (1994)
Related Phrases
Related Words