OCSP Digest Extension

Document Type Expired Internet-Draft (individual)
Authors Phillip Hallam-Baker  , Rob Stradling 
Last updated 2013-04-22 (latest revision 2012-10-19)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The OCSP digest extension creates a strong cryptographic binding between an OCSP token and the certificate it asserts a status value for. Support for the digest identifier extension permits a certificate issuer to employ a high assurance cryptographic digest function such as SHA2 to attest to the authenticity of their certificates in a fashion that is fully downwards compatible with legacy clients that only support SHA1.


Phillip Hallam-Baker (philliph@comodo.com)
Rob Stradling (rob.stradling@comodo.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)