Delegated Path Validation and Delegated Path Discovery Protocol Requirements
Network Working Group                                          D. Pinkas
Request for Comments: 3379                                          Bull
Category: Informational                                       R. Housley
                                                        RSA Laboratories
                                                          September 2002
Delegated Path Validation and Delegated Path Discovery
Protocol Requirements
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
This document specifies the requirements for Delegated Path
Validation (DPV) and Delegated Path Discovery (DPD) for Public Key
Certificates. It also specifies the requirements for DPV and DPD
policy management.
1. Introduction
This document specifies the requirements for Delegated Path
Validation (DPV) and Delegated Path Discovery (DPD) for Public Key
Certificates, using two main request/response pairs.
Delegated processing provides two primary services: DPV and DPD.
Some clients require a server to perform certification path
validation and have no need for data acquisition, while some other
clients require only path discovery in support of local path
validation.
The DPV request/response pair can be used to fully delegate path
validation processing to a DPV server, according to a set of rules
called a validation policy.
The DPD request/response pair can be used to obtain from a DPD server
all the information needed (e.g., the end-entity certificate, the CA
certificates, full CRLs, delta-CRLs, OCSP responses) to locally
validate a certificate. The DPD server uses a set of rules, called a
path discovery policy, to determine which information to return.
Pinkas & Housley Informational