PKI Interoperability Based on Online Certificate Validation

摘要

One of the most important problems related to Public Key Infrastructures is the validation of the digital certificates. Certificate validation services can be based on offline and/or online schemes. Offline schemes have the major disadvantage that they cannot always give an up-to-date response. On the other side, the most used protocol for online validation, the Online Certificate Status Protocol [1], also has its drawbacks. It can only state if a certificate has been revoked or not. RFC 5055 [2] defines a more complex protocol, the Server-based Certificate Validation Protocol (SCVP), capable of building and validating the certification path. To implement a basic functionality of this new protocol, we will start from an existing project, the CADDISK and we will try to implement an OpenSSL module.