5.1.3 Security Consideration Citations

Implementers of this protocol are advised to consider the following security precautions, which OCSP client and server implementations should observe:

  • Follow generally accepted principles of secure key management. For more information, see section 9 of [RFC3280]. For an introduction to these generally accepted principles, see [CRYPTO] and [HOWARD].

  • Validate cryptographic parameters prior to issuing or accepting certificates. For more information, see section 9 of [RFC2797].

  • Validate and verify the certificate path information identified in section 6 of [RFC3280]. See section 9 of [RFC3280] for more information on the requirement for certificate path validation.

  • Validate and verify the freshness of revocation information of all digital certificates prior to usage, trust, or encryption as identified in section 6.3 of [RFC3280]. See section 9 of [RFC3280] for more information on the requirement for revocation freshness.

  • Follow all security considerations in section 5 of [RFC2560].

  • Follow all security considerations discussed throughout [RFC2315] and [RFC2986], because neither normative reference has a dedicated security considerations section.

  • Use an authenticated HTTP session between client and server to mitigate denial-of-service attacks. For more information on generic denial-of-service mitigation techniques, see [HOWARD].
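As an added illustration of the revocation-freshness precaution above (this is example code written for this page, not part of the specification or any Microsoft implementation), the following check evaluates the thisUpdate, nextUpdate and producedAt fields of an OCSP response against the client's clock. The clock-skew allowance, the local maximum age applied when nextUpdate is absent, and the sample timings are assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class ResponseTimes:
    """Timing fields of one OCSP SingleResponse plus ResponseData.producedAt (RFC 2560 4.2.2.1)."""
    this_update: datetime
    next_update: Optional[datetime]  # OPTIONAL in the ASN.1; None when the responder omitted it
    produced_at: datetime

def check_freshness(t: ResponseTimes, now: datetime,
                    skew: timedelta = timedelta(minutes=5),
                    max_age: timedelta = timedelta(days=1)) -> tuple[bool, str]:
    """Return (accept, reason). The skew and max_age values are local policy, not from the spec."""
    if t.this_update > now + skew:
        return False, "thisUpdate lies in the future"
    if t.produced_at < t.this_update - skew:
        return False, "producedAt precedes thisUpdate"
    if t.next_update is not None:
        if t.next_update < t.this_update:
            return False, "nextUpdate precedes thisUpdate"
        if now > t.next_update + skew:
            return False, "stale: nextUpdate has passed"
        return True, "fresh: within thisUpdate..nextUpdate"
    # RFC 2560: an absent nextUpdate means newer status may be available at any time,
    # so the client must bound the age itself rather than trust the response forever.
    if now - t.this_update > max_age:
        return False, "stale: no nextUpdate and older than local max_age"
    return True, "fresh: no nextUpdate, within local max_age"

def demo_cases() -> dict[str, bool]:
    """Constructed sample timings evaluated against a fixed 'now' (not real responder data)."""
    now = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
    h = timedelta(hours=1)
    cases = {
        "current":      ResponseTimes(now - h, now + 23 * h, now - h),
        "expired":      ResponseTimes(now - 48 * h, now - 24 * h, now - 48 * h),
        "future":       ResponseTimes(now + 2 * h, now + 26 * h, now + 2 * h),
        "open_fresh":   ResponseTimes(now - 6 * h, None, now - 6 * h),
        "open_stale":   ResponseTimes(now - 72 * h, None, now - 72 * h),
        "inconsistent": ResponseTimes(now - h, now + h, now - 3 * h),
    }
    return {name: check_freshness(t, now)[0] for name, t in cases.items()}

if __name__ == "__main__":
    for name, accepted in demo_cases().items():
        print(f"{name:13s} {'accept' if accepted else 'reject'}")
```

A real client would take these fields from a parsed, signature-verified response and apply the same decision before relying on the reported certificate status.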