Delegated Path Validation
== Validation policy ==

DPV allows a server to handle the entire process of path validation based on a set of predefined rules known as a validation policy.<ref name="RFC3379" /> This policy may involve multiple [[Trust anchor|trust anchors]]. A trust anchor is characterized by a public key, a Certificate Authority (CA) name, and a validity period; it may also have additional constraints.<ref>{{Cite book |last1=Ma |first1=Zane |last2=Austgen |first2=James |last3=Mason |first3=Joshua |last4=Durumeric |first4=Zakir |last5=Bailey |first5=Michael |chapter=Tracing your roots: Exploring the TLS trust anchor ecosystem |date=2021-11-02 |title=Proceedings of the 21st ACM Internet Measurement Conference |chapter-url=https://doi.org/10.1145/3487552.3487813 |series=IMC '21 |location=New York, NY, USA |publisher=Association for Computing Machinery |pages=179–194 |doi=10.1145/3487552.3487813 |isbn=978-1-4503-9129-0}}</ref> A [[self-signed certificate]] can be used to designate the public key, issuer name, and the validity period for a [[trust anchor]]. Additional constraints for trust anchors can be defined, such as certification policy constraints or naming constraints. These constraints can also be part of self-signed certificates.<ref name="RFC3379" />

For successful path validation, a valid certification path must be established between the end-entity certificate and a trust anchor, ensuring that none of the certificates in the path are expired or revoked, and all constraints on the path must be met.<ref name="RFC3379" />

A validation policy consists of three main components:<ref name="RFC3379" />
# Certification path requirements: these define the sequence of trust anchors needed to start the certification path processing and the initial conditions for validation;
# Revocation requirements: these specify the checks needed on the end-entity and CA certificates to ensure they have not been revoked;
# End-entity certificate specific requirements: these may require the end-entity certificate to include specific extensions with certain types or values.
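
The following sketch is an added illustration, not code from RFC 3379 or any DPV implementation; it shows how a server might evaluate a path against the three policy components. The names <code>Cert</code>, <code>ValidationPolicy</code> and <code>validate</code>, the in-memory revocation set and the sample certificates are assumptions made for the example, and signature verification is left out.

```python
from dataclasses import dataclass, field
from datetime import datetime

@dataclass
class Cert:  # simplified certificate; no keys or signatures in this model
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime
    extensions: dict = field(default_factory=dict)

@dataclass
class ValidationPolicy:  # hypothetical structure, one field per requirement
    trust_anchors: dict      # CA name -> (not_before, not_after)
    permitted_suffix: str    # naming constraint applied to the end-entity
    revoked: set             # {(issuer, serial)}: stand-in for CRL/OCSP data
    required_ee_ext: dict    # extension name -> required value

def validate(path, policy, now):
    """path is ordered end-entity first; returns (ok, reason)."""
    # 1. Certification path requirements
    anchor = policy.trust_anchors.get(path[-1].issuer)
    if anchor is None:
        return False, "path does not end at a trust anchor"
    if not anchor[0] <= now <= anchor[1]:
        return False, "trust anchor outside its validity period"
    for child, parent in zip(path, path[1:]):
        if child.issuer != parent.subject:
            return False, "broken chain at " + child.subject
    if not path[0].subject.endswith(policy.permitted_suffix):
        return False, "naming constraint violated"
    # 2. Revocation requirements, plus expiry, for every certificate
    for cert in path:
        if not cert.not_before <= now <= cert.not_after:
            return False, "outside validity period: " + cert.subject
        if (cert.issuer, cert.serial) in policy.revoked:
            return False, "revoked: " + cert.subject
    # 3. End-entity certificate specific requirements
    for name, value in policy.required_ee_ext.items():
        if path[0].extensions.get(name) != value:
            return False, "end-entity lacks required " + name
    return True, "valid"

# Constructed sample data (not real certificates)
T0, T1, NOW = datetime(2024, 1, 1), datetime(2026, 1, 1), datetime(2025, 1, 1)
EKU = {"extendedKeyUsage": "serverAuth"}
EE = Cert("www.example.org", "Example Issuing CA", 7, T0, T1, dict(EKU))
CA = Cert("Example Issuing CA", "Example Root CA", 2, T0, T1)
POLICY = ValidationPolicy({"Example Root CA": (T0, T1)}, ".example.org", set(), EKU)
```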