Notification Services for the Server-Based Certificate Validation Protocol

Date Added: Aug 2009
Format: PDF

The Server-Based Certificate Validation Protocol allows PKI clients to delegate to a server the construction or validation of certification paths. The protocol's specification focuses on the communication between the server and the client and its security. It does not discuss how the servers can efficiently locate the necessary PKI resources like certificate or certificate revocation lists. In this paper, the authors concentrate on this topic. They present a simple and effective method to facilitate locating and using various PKI resources by the servers, without modifying the protocol. They use the extension mechanism of the protocol for notifying the servers about PKI repositories, certificates, and revocations.