OCSPResponse ::= SEQUENCE {
   responseStatus         OCSPResponseStatus,
   responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }

OCSPResponseStatus ::= ENUMERATED {
   successful            (0),  --Response has valid confirmations
   malformedRequest      (1),  --Illegal confirmation request
   internalError         (2),  --Internal error in issuer
   tryLater              (3),  --Try again later
                               --(4) is not used
   sigRequired           (5),  --Must sign the request
   unauthorized          (6)   --Request unauthorized
}

ResponseBytes ::= SEQUENCE {
   responseType   OBJECT IDENTIFIER,
   response       OCTET STRING }

BasicOCSPResponse ::= SEQUENCE {
   tbsResponseData      ResponseData,
   signatureAlgorithm   AlgorithmIdentifier,
   signature            BIT STRING,
   certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

ResponseData ::= SEQUENCE {
   version              [0] EXPLICIT Version DEFAULT v1,
   responderID              ResponderID,
   producedAt               GeneralizedTime,
   responses                SEQUENCE OF SingleResponse,
   responseExtensions   [1] EXPLICIT Extensions OPTIONAL }

ResponderID ::= CHOICE {
   byName   [1] Name,
   byKey    [2] KeyHash }

KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
                         --(excluding the tag and length fields)

SingleResponse ::= SEQUENCE {
   certID                       CertID,
   certStatus                   CertStatus,
   thisUpdate                   GeneralizedTime,
   nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
   singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }

CertStatus ::= CHOICE {
   good                [0]     IMPLICIT NULL,
   revoked             [1]     IMPLICIT RevokedInfo,
   unknown             [2]     IMPLICIT UnknownInfo }

RevokedInfo ::= SEQUENCE {
   revocationTime              GeneralizedTime,
   revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }

UnknownInfo ::= NULL -- this can be replaced with an enumeration

ArchiveCutoff ::= GeneralizedTime

AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER

ServiceLocator ::= SEQUENCE {
   issuer    Name,
   locator   AuthorityInfoAccessSyntax }

-- Object Identifiers

id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
id-pkix-ocsp                 OBJECT IDENTIFIER ::= { id-ad-ocsp }
id-pkix-ocsp-basic           OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
id-pkix-ocsp-nonce           OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }

END
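
The outer OCSPResponse and ResponseBytes structures defined above can be walked by a client before any BasicOCSPResponse is trusted. The following is an added example, not part of the specification text: the helper names and the SAMPLE bytes are constructed for illustration, the dotted value 1.3.6.1.5.5.7.48.1.1 is id-pkix-ocsp-basic, and no signature verification is performed.

```python
# Added example, not RFC text. SAMPLE below is constructed for illustration.
STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}  # 4 is not used
SAMPLE = bytes.fromhex("30160a0100a011300f06092b060105050730010104023000")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    if not body or body[-1] & 0x80:
        raise ValueError("bad OID encoding")
    subids, val = [], 0
    for b in body:  # each sub-identifier is base-128, high bit = "more"
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(val)
            val = 0
    x = min(subids[0] // 40, 2)  # first sub-identifier packs two arcs
    return ".".join(map(str, [x, subids[0] - 40 * x] + subids[1:]))

def expect(buf, pos, want_tag, what):
    tag, val, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError(f"{what}: expected tag {want_tag:#04x}, got {tag:#04x}")
    return val, nxt

def parse_ocsp_response(der):
    """Return (status name, responseType OID or None, response bytes or None)."""
    seq, end = expect(der, 0, 0x30, "OCSPResponse")
    status, pos = expect(seq, 0, 0x0A, "responseStatus")
    if end != len(der) or len(status) != 1 or status[0] not in STATUS:
        raise ValueError("trailing data or undefined responseStatus")
    if pos == len(seq):  # responseBytes is OPTIONAL
        return STATUS[status[0]], None, None
    wrapped, _ = expect(seq, pos, 0xA0, "responseBytes [0] EXPLICIT")
    rb, _ = expect(wrapped, 0, 0x30, "ResponseBytes")
    oid, p = expect(rb, 0, 0x06, "responseType")
    resp, _ = expect(rb, p, 0x04, "response")
    return STATUS[status[0]], decode_oid(oid), resp
```

A caller would proceed to decode `response` as a BasicOCSPResponse only when the status is `successful` and the returned OID equals id-pkix-ocsp-basic.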
Appendix C. MIME registrations

C.1 application/ocsp-request

To: ietf-types@iana.org
Subject: Registration of MIME media type application/ocsp-request

MIME media type name: application

MIME subtype name: ocsp-request

Required parameters: None

Optional parameters: None

Encoding considerations: binary

Security considerations: Carries a request for information. This
request may optionally be cryptographically signed.

Interoperability considerations: None

Published specification: IETF PKIX Working Group Draft on Online Certificate Status
Protocol - OCSP

Applications which use this media type: OCSP clients

Additional information:

   Magic number(s): None
   File extension(s): .ORQ
   Macintosh File Type Code(s): none

Person & email address to contact for further information:
Ambarish Malpani

Intended usage: COMMON

Author/Change controller: