contains the compulsory information. If any one of the prior conditions is not met, the repository produces a response with an error message that is indicated in MHTResponseStatus (see Fig. 5); otherwise, it returns a response with the appropriate status data.
The AD-MHT Response.
Fig. 5 shows the ASN.1 description for an AD-MHT response. The response syntax is more complex than the request since it must include the Digest and one or two Paths for each target certificate (recall that we need to prove the existence of the minor and major adjacent leaves to assure that a certificate is not revoked).
The BasicADMHTResponse contains:
- A SignedTreeDigest that is common for all the target certificates.
- A SingleADMHTResponse per target certificate.
The SignedTreeDigest includes the issuer (i.e. the name of the RDI), the validityPeriod and the rootHash. Inclusion of the rootHash is optional because the client can calculate it from the Path, even though the RDI must include the rootHash in the signature computation.
The SingleADMHTResponse includes the information necessary to check whether or not the target certificate is revoked. If the certificate has been revoked, minorAdjacent = majorAdjacent, and then only the minorAdjacent is included in the Path. On the contrary, if the target certificate has not been revoked, minorAdjacent ≠ majorAdjacent, and both Paths are included in the response.
The TreePath includes the adjacentID ($c_{target}$), the status (revocation date and reason) and the PathSteps in a recursive fashion that allows $H_{root}$ to be computed. Each PathStep contains:
- The cryptographic value(s) necessary to compute a cryptographic value in the upper level.
- The next PathStep (in the last instance, the root is reached).
The algorithm that allows $H_{root}$ to be computed is described below:
1. The $i$-th PathStep allows $H_{i+1}$ to be computed. $H_{i+1}$ can be a leftHash, a middleHash or a rightHash in the ($i$ + 1)-th level.
2. If $H_{i+1}$ is a leftHash, then
(a) If the ($i$ + 1)-th level has “2” nodes, then the nextPathStep will include only a middleHash.
(b) If the ($i$ + 1)-th level has “3” nodes, then the nextPathStep will include a middleHash and a rightHash.
3. If $H_{i+1}$ is a middleHash, then
(a) If the ($i$ + 1)-th level has “2” nodes, then the nextPathStep will include only a leftHash.
(b) If the ($i$ + 1)-th level has “3” nodes, then the nextPathStep will include a leftHash and a rightHash.
4. If $H_{i+1}$ is a rightHash, then the nextPathStep will include a leftHash and a middleHash.
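The root computation of steps 1 to 4, written out as an added example (it is not code from the original text or from the AD-MHT authors). It assumes SHA-256, 0x00/0x01 prefixes to separate leaf and inner-node hashes, and PathSteps modelled as dicts keyed by the field names above; the sample tree and serial strings are constructed.

```python
import hashlib
import hmac

ORDER = ("leftHash", "middleHash", "rightHash")

# Sibling fields a PathStep may carry (rules 2-4) -> slot of the hash being carried up.
SLOT = {
    frozenset({"middleHash"}): "leftHash",               # rule 2(a), 2-node level
    frozenset({"middleHash", "rightHash"}): "leftHash",  # rule 2(b), 3-node level
    frozenset({"leftHash"}): "middleHash",               # rule 3(a), 2-node level
    frozenset({"leftHash", "rightHash"}): "middleHash",  # rule 3(b), 3-node level
    frozenset({"leftHash", "middleHash"}): "rightHash",  # rule 4
}

def leaf_hash(leaf: bytes) -> bytes:
    # Assumption: a 0x00 prefix separates leaf hashes from inner-node hashes.
    return hashlib.sha256(b"\x00" + leaf).digest()

def node_hash(children: list[bytes]) -> bytes:
    # Assumption: inner node = SHA-256(0x01 || child hashes, left to right).
    return hashlib.sha256(b"\x01" + b"".join(children)).digest()

def compute_root(leaf: bytes, path_steps: list[dict]) -> bytes:
    """Fold the PathSteps from the leaf upward and return the recomputed H_root."""
    running = leaf_hash(leaf)
    for i, step in enumerate(path_steps):
        slot = SLOT.get(frozenset(step))
        if slot is None:  # e.g. a lone rightHash, or all three fields present
            raise ValueError(f"PathStep {i}: invalid sibling set {sorted(step)}")
        level = {**step, slot: running}
        running = node_hash([level[k] for k in ORDER if k in level])
    return running

def path_matches(leaf: bytes, path_steps: list[dict], root_hash: bytes) -> bool:
    # root_hash is the value covered by the RDI signature (signature check not shown).
    return hmac.compare_digest(compute_root(leaf, path_steps), root_hash)

# Constructed sample tree: node A has 3 leaves, node B has 2, the root has 2 children.
LEAVES = [b"serial-%d" % n for n in (11, 23, 37, 41, 59)]
L = [leaf_hash(x) for x in LEAVES]
A, B = node_hash(L[0:3]), node_hash(L[3:5])
ROOT = node_hash([A, B])
PATH_23 = [{"leftHash": L[0], "rightHash": L[2]}, {"middleHash": B}]
PATH_59 = [{"leftHash": L[3]}, {"leftHash": A}]

if __name__ == "__main__":
    print(path_matches(LEAVES[1], PATH_23, ROOT), path_matches(LEAVES[4], PATH_59, ROOT))
```

A path whose sibling fields are placed in the wrong slots hashes to a different root, so the comparison against the signed rootHash rejects it.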
P