contains the compulsory information. If any one of the prior conditions is not
met, the repository produces a response with an error message that is indicated
in MHTResponseStatus (see Fig. 5); otherwise, it returns a response with the
appropriate status data.
The AD-MHT Response.
Fig. 5 shows the ASN.1 description for an AD-MHT response. The response
syntax is more complex than the request since it must include the Digest and
one or two Paths for each target certificate (recall that we need to prove the
existence of the minor and major adjacent leaves to assure that a certificate is
not revoked).
The BasicADMHTResponse contains:
- A SignedTreeDigest that is common for all the target certificates.
- A SingleADMHTResponse per target certificate.
The SignedTreeDigest includes the issuer (i.e. the name of the RDI) and the
validityPeriod; inclusion of the rootHash is optional because the client can
calculate it from the Path, even though the RDI must include the rootHash in
the signature computation.
The SingleADMHTResponse includes the information necessary to check whether
the target certificate is revoked or not. If the certificate has been revoked,
minorAdjacent = majorAdjacent, and only the minorAdjacent is included
in the Path. On the contrary, if the target certificate has not been revoked,
minorAdjacent ≠ majorAdjacent, and both Paths are included in the response.
The TreePath includes the adjacentID ($c_{target}$), the status (revocation date
and reason) and the PathSteps, nested recursively so that $H_{root}$ can be
computed. Each PathStep contains:
- The cryptographic value(s) necessary to compute a cryptographic value in
the upper level.
- The next PathStep (in the last instance, the root is reached).
The algorithm for computing $H_{root}$ is described below:
1. The $i$-th PathStep allows $H_{i+1}$ to be computed. $H_{i+1}$ can be a leftHash, a
middleHash or a rightHash in the $(i+1)$-th level.
2. If $H_{i+1}$ is a leftHash, then
   (a) If the $(i+1)$-th level has “2” nodes, then the nextPathStep will include
   only a middleHash.
   (b) If the $(i+1)$-th level has “3” nodes, then the nextPathStep will include
   a middleHash and a rightHash.
3. If $H_{i+1}$ is a middleHash, then
   (a) If the $(i+1)$-th level has “2” nodes, then the nextPathStep will include
   only a leftHash.
   (b) If the $(i+1)$-th level has “3” nodes, then the nextPathStep will include
   a leftHash and a rightHash.
4. If $H_{i+1}$ is a rightHash, then the nextPathStep will include a leftHash and
a middleHash.
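The root computation above, written out as an added example (not code from the original text). The field names leftHash, middleHash, rightHash and nextPathStep come from the description; the dict representation, SHA-256 and the left-to-right concatenation of children are assumptions, and the sample tree is constructed. A client would compare the result with the rootHash covered by the RDI's signature.

```python
import hashlib

ORDER = ("leftHash", "middleHash", "rightHash")
# Sibling sets the algorithm permits, mapped to the slot the running hash occupies.
SLOT = {
    frozenset({"middleHash"}): "leftHash",               # step 2(a)
    frozenset({"middleHash", "rightHash"}): "leftHash",  # step 2(b)
    frozenset({"leftHash"}): "middleHash",               # step 3(a)
    frozenset({"leftHash", "rightHash"}): "middleHash",  # step 3(b)
    frozenset({"leftHash", "middleHash"}): "rightHash",  # step 4
}

def h(*parts):
    # Assumption: a node hash is SHA-256 over its children, left to right.
    return hashlib.sha256(b"".join(parts)).digest()

def compute_root(leaf_hash, path_step):
    """Fold a nested PathStep chain into the root hash, rejecting bad steps."""
    current, level = leaf_hash, 0
    while path_step is not None:
        children = {k: path_step[k] for k in ORDER if k in path_step}
        slot = SLOT.get(frozenset(children))
        if slot is None:
            raise ValueError(f"level {level}: invalid sibling set {sorted(children)}")
        children[slot] = current  # place the running hash in its own slot
        current = h(*(children[k] for k in ORDER if k in children))
        path_step, level = path_step.get("nextPathStep"), level + 1
    return current

def build_sample():
    """Constructed tree: root -> (n1 with leaves a,b,c ; n2 with leaves d,e)."""
    a, b, c, d, e = (h(x) for x in (b"id-10", b"id-20", b"id-30", b"id-40", b"id-50"))
    n1, n2 = h(a, b, c), h(d, e)
    path_b = {"leftHash": a, "rightHash": c, "nextPathStep": {"middleHash": n2}}
    path_e = {"leftHash": d, "nextPathStep": {"leftHash": n1}}
    return h(n1, n2), (b, path_b), (e, path_e)

if __name__ == "__main__":
    root, (b, path_b), (e, path_e) = build_sample()
    print(compute_root(b, path_b) == root, compute_root(e, path_e) == root)
```

A PathStep whose sibling set matches none of the cases in the algorithm (for example, only a rightHash) is rejected rather than hashed, so a malformed response cannot be folded into a root value.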