57 OCSP server contains the revocation information for all the certificates to |
57 OCSP server contains the revocation information for all the certificates to |
58 be checked. One request containing all the certificates is sent to the responder |
58 be checked. One request containing all the certificates is sent to the responder |
59 (in this case, the OCSP server), which replies with a single response. The |
59 (in this case, the OCSP server), which replies with a single response. The |
60 following figure illustrates the interaction between the OCSP client and a |
60 following figure illustrates the interaction between the OCSP client and a |
61 single destination responder. </p> <fig id="GUID-11F6D229-29D0-510A-AB8A-64A906DC00F7"> |
61 single destination responder. </p> <fig id="GUID-11F6D229-29D0-510A-AB8A-64A906DC00F7"> |
62 <image href="GUID-8E3F3745-7875-51A2-BDA1-AA537C7B220E_d0e650738_href.png" placement="inline"/> |
62 <image href="GUID-8E3F3745-7875-51A2-BDA1-AA537C7B220E_d0e639363_href.png" placement="inline"/> |
63 </fig> </li> |
63 </fig> </li> |
64 <li id="GUID-185C0C91-CC3F-5198-8EAB-BB1BF748A3D0"><p> <b>Multiple OCSP responders |
64 <li id="GUID-185C0C91-CC3F-5198-8EAB-BB1BF748A3D0"><p> <b>Multiple OCSP responders |
65 using an intermediate OCSP server</b> </p> <p>Multiple OCSP responders use |
65 using an intermediate OCSP server</b> </p> <p>Multiple OCSP responders use |
66 an intermediate OCSP server to route requests to the appropriate destination |
66 an intermediate OCSP server to route requests to the appropriate destination |
67 responders. One request is sent to the intermediate server, which sends multiple |
67 responders. One request is sent to the intermediate server, which sends multiple |
68 individual requests to the destination responders. The responses are collated, |
68 individual requests to the destination responders. The responses are collated, |
69 and one response is sent back to the client. The following figure shows the |
69 and one response is sent back to the client. The following figure shows the |
70 interaction between an OCSP client and multiple destination responders by |
70 interaction between an OCSP client and multiple destination responders by |
71 using an intermediate responder. </p> <fig id="GUID-964E18AA-E4F7-5A71-A2F3-19F3007C24C6"> |
71 using an intermediate responder. </p> <fig id="GUID-964E18AA-E4F7-5A71-A2F3-19F3007C24C6"> |
72 <image href="GUID-2EF123C9-62A2-52FF-9792-66EF41F37452_d0e650754_href.png" placement="inline"/> |
72 <image href="GUID-2EF123C9-62A2-52FF-9792-66EF41F37452_d0e639379_href.png" placement="inline"/> |
73 </fig> </li> |
73 </fig> </li> |
74 <li id="GUID-F092252F-79EF-58E2-A596-77D3FC07CC54"><p> <b>Multiple OCSP responders |
74 <li id="GUID-F092252F-79EF-58E2-A596-77D3FC07CC54"><p> <b>Multiple OCSP responders |
75 without an intermediate server</b> </p> <p>The client does the work of sending |
75 without an intermediate server</b> </p> <p>The client does the work of sending |
76 each request to the appropriate responder. The client collates the responses |
76 each request to the appropriate responder. The client collates the responses |
77 received. The following figure shows the interaction between the client and |
77 received. The following figure shows the interaction between the client and |
78 multiple destination responders. </p> <fig id="GUID-223A3DB6-538E-5A4E-946C-87AA03449857"> |
78 multiple destination responders. </p> <fig id="GUID-223A3DB6-538E-5A4E-946C-87AA03449857"> |
79 <image href="GUID-A6F1F6AC-5D3C-5055-AEF1-B64671941BCB_d0e650770_href.png" placement="inline"/> |
79 <image href="GUID-A6F1F6AC-5D3C-5055-AEF1-B64671941BCB_d0e639395_href.png" placement="inline"/> |
80 </fig> </li> |
80 </fig> </li> |
81 </ul> <p>The choice of the correct method of interaction between the client |
81 </ul> <p>The choice of the correct method of interaction between the client |
82 and the responders depends on the nature of the Public Key Infrastructure |
82 and the responders depends on the nature of the Public Key Infrastructure |
83 (PKI) and the availability of OCSP responders for routing requests as intermediates. </p> </section> |
83 (PKI) and the availability of OCSP responders for routing requests as intermediates. </p> </section> |
84 <section id="GUID-891303A3-070F-40D2-9382-40A1165928DE"><title>Revocation check results</title> <p>If the response sent by |
84 <section id="GUID-891303A3-070F-40D2-9382-40A1165928DE"><title>Revocation check results</title> <p>If the response sent by |