Fig. 1. ACSP (I)
3.1.1 ACSP (I).
STEP1. Alice sends a message M with a signature value S, and the certificate Cert.
If Alice's certificate satisfies Bob's recency period, he accepts Alice's certificate as valid and halts the ACSP protocol. Otherwise, the following steps are executed.
STEP2. Bob sends an ACSP request to the CA in order to check whether Cert is revoked or not.
STEP3. The CA checks the revocation status of Cert. As an ACSP response, the CA generates a new certificate Cert′ and sends Cert′ to Bob. After receiving the ACSP response Cert′, Bob can decide whether Alice's certificate Cert is revoked or not.
STEP4. Bob sends the re-issued certificate Cert′ to Alice and she may replace Cert with Cert′.
In case Alice's certificate Cert satisfies Bob's recency period t, i.e. t_q − t_1 ≤ t, STEP2, STEP3 and STEP4 are not executed. Therefore, the CA does not need to be involved in this transaction. This relieves the CA's workload.
In case Alice's certificate Cert does not satisfy Bob's recency period t, i.e. t_q − t_1 > t, STEP2, STEP3 and STEP4 are executed. If Cert is not revoked, the CA generates an ACSP response Cert′, where Cert′ is a new certificate whose validity period is from t_q to t_2. Bob forwards this new certificate Cert′ to Alice, and Alice can replace Cert with Cert′. Since the issuance time t_1 of Cert is replaced by the new issuance time t_q of Cert′, Alice's new certificate Cert′ will satisfy most acceptors' recency periods in the following transactions.
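The accept/re-issue decision described above, as an added example that is not taken from the original text. Certificates are plain records without signatures and times are integers; the `serial` field, the `CA` class and the `None` answer for a revoked certificate are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple


@dataclass(frozen=True)
class Cert:
    serial: int   # hypothetical identifier used for the revocation lookup
    subject: str
    t1: int       # issuance time t_1
    t2: int       # end of the validity period t_2


class CA:
    def __init__(self, revoked):
        self.revoked = set(revoked)
        self.requests = 0  # number of ACSP requests served (CA workload)

    def acsp_request(self, cert: Cert, tq: int) -> Optional[Cert]:
        """STEP3: check revocation status; if clean, re-issue from t_q to t_2."""
        self.requests += 1
        if cert.serial in self.revoked:
            return None  # assumption: the page does not describe this response
        return replace(cert, t1=tq)  # Cert': same t_2, issuance time is now t_q


def bob_accepts(cert: Cert, tq: int, recency: int, ca: CA) -> Tuple[bool, Optional[Cert]]:
    """Return (accepted, cert_prime); cert_prime is the re-issued Cert' or None."""
    if tq - cert.t1 <= recency:
        return True, None  # recency satisfied: STEP2-STEP4 skipped, CA not contacted
    cert_prime = ca.acsp_request(cert, tq)  # STEP2 request, STEP3 response
    if cert_prime is None:
        return False, None
    return True, cert_prime  # STEP4 (optional): Bob forwards Cert' to Alice


if __name__ == "__main__":
    ca = CA(revoked={7})                      # constructed sample data
    alice = Cert(1, "alice", t1=100, t2=1000)
    print(bob_accepts(alice, 120, 50, ca), ca.requests)   # fresh enough, no CA
    ok, alice2 = bob_accepts(alice, 200, 50, ca)          # too old, CA re-issues
    print(ok, alice2, ca.requests)
    print(bob_accepts(alice2, 230, 50, ca), ca.requests)  # next acceptor, no CA
    print(bob_accepts(Cert(7, "dave", 100, 1000), 200, 50, ca))  # revoked
```

The request counter shows the workload effect: only the acceptor whose recency period is exceeded contacts the CA, and the acceptor that later receives Cert′ does not.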
Note that STEP4 can be omitted if Bob does not want to send Cert′ to Alice, or if Alice does not want to replace Cert with Cert′. There is no harmful effect