- id-pkix-ocsp-nocheck

Submitted by robert.millan at rogers.com from host ( on Mon Apr 11 20:46:41 CEST 2005 using a WWW entry form.

OID value:

OID description: Revocation Checking of an Authorized Responder Since an Authorized OCSP responder provides status information for one or more CAs, OCSP clients need to know how to check that an authorized responder's certificate has not been revoked. CAs may choose to deal with this problem in one of three ways: - A CA may specify that an OCSP client can trust a responder for the lifetime of the responder's certificate. The CA does so by including the extension id-pkix-ocsp-nocheck. This SHOULD be a non-critical extension. The value of the extension should be NULL. CAs issuing such a certificate should realized that a compromise of the responder's key, is as serious as the compromise of a CA key used to sign CRLs, at least for the validity period of this certificate. CA's may choose to issue this type of certificate with a very short lifetime and renew it frequently. id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }

URL for further info: http://www.ietf.org/rfc/rfc2560.txt?number=2560

See also the OID Repository website reference for

Superior references

Search for text in all OIDs starting with

Go to the top node if you need to search all entries.
Tell me about OIDs you know about
Incoming OIDs that have not been proofread yet
Entered: Mon Apr 11 20:46:41 CEST 2005 (not changed manually)