The online certificate security protocol is the standard on which certificate issuing and authentication applications are built. It states exactly what information must be provided to request and report a certificate's status and to identify the originating server.
When a server attempts to connect to a secured computer, certificates are exchanged. For a certificate to be authenticated, a standard set of information must be exchanged and verified, and the online certificate security protocol defines both what that information is and the format in which it must be transmitted. Each request must include the protocol version, the requesting server, and the identifier of the target certificate. Optional extensions may also be included, and the online certificate security protocol responder may accept them.
When the online certificate security protocol responder receives a request, it checks that the message is formatted properly, that the service being requested is available from this responder, and that all required information is present. If any check fails, an error message is returned to the originator.
The protocol sets the minimum requirements and specifies every possible response in detail. Every response for an accepted certificate must carry one of the following: a signature from the certificate authority that issued the certificate, a signature from a trusted third party, or a signature from a designated responder that the certificate authority has duly authorized to process these requests.
The online certificate security protocol can be compared to the locksmith industry: although there is a wide range of lock companies, key companies and security options, certain base functions are consistent across the industry, and accepted standards form the basis for that agreement.
A positive response message contains the response version, the responder's name, the included responses, any optional extensions, the signature algorithm, and the signature computed over the hash of the response. Each included response carries the certificate status, which is one of three values: good, revoked or unknown.
It is the responsibility of the online certificate security protocol client to confirm that the signed response is valid, that the signatory matches the expected responder, that the signatory is authorized, that the time of the status update is recent, and that the certificate reported on matches the one requested.
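The request, responder checks, response fields and client-side checks described above, modelled end to end in a small Python example. This is an added illustration, not code from the article or from any certificate authority's product: the field names, the status database, the responder name `responder.example`, the freshness window and the use of HMAC-SHA256 as a stand-in for the responder's signature are all constructed for the example.

```python
"""Toy model of the certificate status request/response exchange.

Assumptions (not from the article): HMAC-SHA256 stands in for the
responder's signature, JSON is the wire format, and the trust state,
status database and freshness window below are constructed sample data.
"""
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

PROTOCOL_VERSION = 1
STATUSES = {"good", "revoked", "unknown"}
MAX_AGE_SECONDS = 300  # constructed freshness window for "recent" responses

# Constructed trust state: which responders exist (and their keys) and
# which of them are authorized to answer status requests.
RESPONDER_KEYS = {"responder.example": b"constructed-demo-key"}
AUTHORIZED_RESPONDERS = {"responder.example"}

# Constructed status database: certificate identifier -> status.
STATUS_DB = {"cert-1001": "good", "cert-1002": "revoked"}


def build_request(requestor: str, cert_id: str, extensions: Optional[dict] = None) -> dict:
    """Request carries the protocol version, the requesting server and the target certificate."""
    return {"version": PROTOCOL_VERSION, "requestor": requestor,
            "cert_id": cert_id, "extensions": extensions or {}}


def _hash_body(body: dict) -> bytes:
    """Canonical encoding of everything except the signature, then hashed."""
    unsigned = {k: v for k, v in body.items() if k != "signature"}
    return hashlib.sha256(json.dumps(unsigned, sort_keys=True).encode()).digest()


def responder_handle(request: dict, responder_name: str = "responder.example",
                     now: Optional[float] = None) -> dict:
    """Check format, required fields and service availability; answer or return an error."""
    missing = [f for f in ("version", "requestor", "cert_id") if f not in request]
    if missing:
        return {"error": "malformed_request", "detail": "missing " + ", ".join(missing)}
    if request["version"] != PROTOCOL_VERSION:
        return {"error": "unsupported_version"}
    if responder_name not in RESPONDER_KEYS:
        return {"error": "service_unavailable"}
    status = STATUS_DB.get(request["cert_id"], "unknown")  # absent -> unknown
    body = {
        "version": PROTOCOL_VERSION,
        "responder": responder_name,
        "responses": [{"cert_id": request["cert_id"], "status": status}],
        "extensions": {},
        "produced_at": int(time.time() if now is None else now),
        "sig_alg": "HMAC-SHA256",  # stand-in for a real signature algorithm
    }
    body["signature"] = hmac.new(RESPONDER_KEYS[responder_name], _hash_body(body),
                                 hashlib.sha256).hexdigest()
    return body


def client_verify(response: dict, expected_cert_id: str, expected_responder: str,
                  now: Optional[float] = None) -> Tuple[bool, str]:
    """Apply the client's checks; return (accepted, status-or-reason)."""
    if "error" in response:
        return False, "responder error: " + response["error"]
    responder = response.get("responder")
    key = RESPONDER_KEYS.get(responder)
    if key is None:
        return False, "unknown signatory"
    # 1. The signed response is valid (signature covers the hash of the response).
    expected_sig = hmac.new(key, _hash_body(response), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, response.get("signature", "")):
        return False, "bad signature"
    # 2. The signatory matches the responder we asked, and 3. is authorized.
    if responder != expected_responder:
        return False, "signatory does not match"
    if responder not in AUTHORIZED_RESPONDERS:
        return False, "signatory not authorized"
    # 4. The status update is recent.
    current = time.time() if now is None else now
    if abs(current - response["produced_at"]) > MAX_AGE_SECONDS:
        return False, "response not recent"
    # 5. The certificate reported on is the one we asked about.
    matches = [r for r in response["responses"] if r["cert_id"] == expected_cert_id]
    if not matches:
        return False, "certificate does not match request"
    status = matches[0]["status"]
    if status not in STATUSES:
        return False, "unrecognised status"
    return True, status


if __name__ == "__main__":
    req = build_request("server.example", "cert-1001")
    resp = responder_handle(req, now=1000)
    print(client_verify(resp, "cert-1001", "responder.example", now=1100))
```

The client applies the checks in the order a practitioner would want: the signature is verified before any field in the response is trusted, so a tampered status or responder name is rejected on the signature check rather than reaching the freshness or identity logic.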
The rules of the online certificate security protocol were adopted as an accepted standard format in June 1999, as part of a larger effort to create a framework for the management of certificates. The protocol was developed by the Network Working Group, with representatives from VeriSign, CertCo, ValiCert, My CFO and Entrust Technologies.
Each security certificate issuer has signed its acceptance of this protocol and builds additional features into its competing product offerings while maintaining the required infrastructure. It is this cooperation among competing firms, in creating and complying with a standard practice, that has allowed the industry to gain wide acceptance.
The online certificate security protocol covers a wide range of topics, including the responses the certificate authentication program is allowed to return, the required syntax, the definition of standard error messages, archiving guidelines, and how to handle security considerations and respond to them appropriately.