OCSP Extensions

Document Type Expired Internet-Draft (pkix WG)
Author Phillip Hallam-Baker 
Last updated 1999-10-13
Stream IETF
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The OCSP protocol [RFC2560] enables online validation of the reliability of a digital certificate. RFC2560 defines a mandatory-to-implement mechanism supporting the revocation status of the certificate and defines and optional extension mechanism to support a richer set of semantics (e.g. full path validation by the OCSP server). This document defines Internet-standard extensions to OCSP that enable a client to delegate processing of certificate acceptance functions to a trusted server. The client may control the degree to which delegation takes place. In addition limited support is provided for delegating authorization decisions.


Phillip Hallam-Baker (pbaker@verisign.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)