May 11-13, 2022 | Washington, DC

Integrating Identity Quality Metrics with OCSP Responses (G11c)

01 Sep 2021
11:40-12:10

Integrating Identity Quality Metrics with OCSP Responses (G11c)

Online Certificate Status Protocol (OCSP) gives users of a PKI a means of knowing whether an x.509 certificate is valid in real time. The protocol is intended to replace the Certificate Revocation List method, where a certificate could have become invalid after the list was published. This presentation describes a method for reporting additional essential information about a certificate besides its current validity. While the protocol, which we are calling OCSP++, is designed to report identity quality metrics as measured by systems such as NIST 800-63-3 Level of Assurance and Osmio IDQA, it can be used to convey other essential but mutable information about the certificate and its subject.