Internet-Draft C509 Revocation July 2026
Liao, et al. Expires 7 January 2027 [Page]
Workgroup:
COSE Working Group
Internet-Draft:
draft-liao-cose-c509-revocation-00
Published:
Intended Status:
Standards Track
Expires:
Authors:
L. Liao
NIO
M. Tiloca
RISE AB
J. Höglund
RISE AB
R. Höglund
RISE AB
S. Raza
University of Glasgow

CBOR Encoded Certificate Revocation Management

Abstract

This document specifies CBOR-encoded PKI structures for use with C509 certificates (draft-ietf-cose-cbor-encoded-cert), X.509 certificates (RFC 5280), and future certificate types. It defines C509 CRL and C509 OCSP, compact CBOR encodings of X.509 Certificate Revocation Lists (RFC 5280) and OCSP messages (RFC 6960), respectively. The structures defined in this document are certificate-type agnostic and can be used with C509 certificates, X.509 certificates, or future certificate types without modification. C509 OCSP improves on RFC 6960 by signing a wider set of fields to prevent algorithm-substitution and certificate-chain substitution attacks, replacing plaintext serial numbers with hashes to preserve requestor privacy, replacing the two-hash issuer identity with a single certificate hash, and identifying all participants (requestor, responder, issuer) by a uniform certificate hash rather than type-specific fields. C509 CRL and C509 OCSP are not wire-format-compatible with their DER-encoded X.509 counterparts and cannot be converted to or from them without semantic interpretation.

About This Document

This note is to be removed before publishing as an RFC.

Status information for this document may be found at https://datatracker.ietf.org/doc/draft-liao-cose-c509-revocation/.

Discussion of this document takes place on the CBOR Object Signing and Encryption (cose) Working Group mailing list (mailto:cose@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/cose/. Subscribe at https://www.ietf.org/mailman/listinfo/cose/.

Source for this draft and an issue tracker can be found at https://github.com/lijun-nio/idc509rev.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 7 January 2027.

Table of Contents

1. Introduction

Public Key Infrastructure (PKI) for constrained environments [RFC7228] requires compact certificate representations and compact revocation information. [I-D.ietf-cose-cbor-encoded-cert] defines C509 certificates, a CBOR encoding of X.509 certificates [RFC5280] that reduces certificate size by over 50% for typical constrained-device profiles. However, revocation mechanisms -- Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) messages -- have not yet received the same treatment.

CRLs as defined in [RFC5280] can be large, especially when many certificates have been revoked or when CRL extensions add overhead. OCSP responses as defined in [RFC6960] carry per-certificate status information and may be exchanged during TLS [RFC8446] and DTLS [RFC9147] handshakes via OCSP stapling [RFC6066], directly affecting handshake latency.

Note on terminology: The label "C509" is used for consistency with the C509 certificate encoding and to promote a cohesive C509 PKI ecosystem (C509 certificates, CRLs, OCSP, and related tooling). Although this document uses "C509" in its names, the encodings and protocols defined here are certificate-type agnostic and apply equally to X.509 certificates and other certificate types; see Section 6.5.

This document specifies:

C509 CRL and C509 OCSP apply the same compression techniques as C509 certificates: static fields are elided, OIDs are replaced with short integers, time values are compressed to POSIX timestamps, and redundant encoding is removed. Implementers may use the CBOR playground [CborMe] to inspect encoded examples.

C509 CRL and C509 OCSP are not wire-format-compatible with their DER-encoded counterparts defined in [RFC5280] and [RFC6960]. Systems that use C509 CRL or C509 OCSP must explicitly support these CBOR-encoded formats; they cannot be transparently substituted for or derived from the corresponding DER-encoded structures.

C509 CRL and C509 OCSP are designed to be compatible with certificate profiles for constrained deployments, such as [RFC7925].

2. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

This document uses the terminology from [RFC5280], [RFC6960], [RFC7228], [RFC8610], [RFC8742], [RFC8949], and [RFC9682]. Unless otherwise stated, "CBOR" refers to deterministically encoded CBOR as specified in Sections 4.2.1 and 4.2.2 of [RFC8949].

3. Imported Definitions

The following types are imported from [I-D.ietf-cose-cbor-encoded-cert]:

The following type is imported from [RFC9360]:

This document further defines the following constrained alias for use in all CDDL definitions:

IntAlgorithmIdentifier = int

IntAlgorithmIdentifier is the int-only instantiation of AlgorithmIdentifier from [I-D.ietf-cose-cbor-encoded-cert]. It is used throughout this document wherever an algorithm identifier appears in the wire encoding.

4. Encoding of Time Fields

Time fields are encoded as unwrapped CBOR epoch-based date/time (~time). The tag content MUST be a non-negative integer. In POSIX time [POSIX], leap seconds are ignored; a leap second has the same POSIX time as the second before it.

5. C509 CRL

5.1. Overview

A C509 CRL is a natively signed CBOR [RFC8949] encoding of an X.509 v2 CRL as defined in [RFC5280], Section 5. The signature is computed over the CBOR Sequence [RFC8742] TBSCertList; no ASN.1 encoding is involved. A C509 CRL preserves the semantics of the corresponding DER-encoded X.509 CRL for the subset of RFC 5280 structures supported by this document.

A C509 CRL is not wire-format-compatible with a DER-encoded X.509 CRL. The two formats cannot be mechanically converted to or from each other without semantic interpretation of the contained data.

5.2. C509 CRL CDDL

The following CDDL defines the top-level C509CRL structure and the TBSCertList sequence:

C509CRL = [
  TBSCertList,
  signatureValue : any,
]

TBSCertList = (
  CRLInfoData,
  revokedCertsList       : [+ PerIssuerRevokedCerts] / null
)

C509CRLInfo = [ CRLInfoData ]

CRLInfoData = (
  crlType                : uint,   ; 0 = C509CRL
  signatureAlgorithm     : IntAlgorithmIdentifier,
  authoritySubject       : Name / #6.121(bytes),
  authorityKeyIdentifier : bytes / null,
  crlNumber              : uint,
  thisUpdate             : ~time,
  nextUpdate             : uint / null,
  baseCrlNumber          : uint / null,
  crlExtensions          : Extensions,
)

PerIssuerRevokedCerts = (
  issuer                 : Name / #6.121(bytes) / null,
  revokedCertsControl    : RevokedCertsControl / null,
  extensions             : Extensions,
  revokedCerts           : bytes / null,
  removedFromCRLCerts    : bytes / null,
)

RevokedCertsControl = [
  flags               : uint,
  serialNumberLength  : uint,
  dateLength          : uint,
  baseDate            : ~time,
]
Figure 1: CDDL for C509CRL

5.3. Field Encodings

5.3.1. CRLInfoData and C509CRLInfo

CRLInfoData is a CDDL group that carries all CRL fields except revokedCertsList. C509CRLInfo is the standalone CBOR array form of CRLInfoData; it can be used to convey CRL freshness information (crlType, signature algorithm, issuer identity, CRL number, validity window, extensions) without the potentially large revocation list. TBSCertList embeds CRLInfoData and adds revokedCertsList.

5.3.2. crlType

The crlType field serves as the type discriminator for C509CRL, following the same extensibility pattern as ocspRequestType and ocspResponseType. This document defines only type 0, corresponding to the C509CRL structure. Future specifications may define additional types by assigning new integer values.

5.3.3. signatureAlgorithm

Encoded identically to the int choice of issuerSignatureAlgorithm in C509 certificates (see [I-D.ietf-cose-cbor-encoded-cert], Section 3.1.11). Algorithm integer values are from the same registry used for C509 certificates.

Unlike in [RFC5280], where the signature algorithm appears outside the TBSCertList and is therefore not covered by the CRL signature, signatureAlgorithm is part of CRLInfoData within TBSCertList and is therefore covered by the signature. This prevents algorithm-substitution attacks on the CRL.

5.3.4. authoritySubject and authorityKeyIdentifier

The authoritySubject and authorityKeyIdentifier fields identify the CRL authority.

The authoritySubject field identifies the subject of the CRL issuer. When the CRL is issued by a C509 CA, authoritySubject is a Name value identical to the subject field of the authority C509 certificate. When the CRL is issued by an X.509 CA (e.g., in a hybrid deployment where a legacy CA issues a C509-format CRL), authoritySubject is encoded as #6.121(bytes), where the byte string contains the DER-encoded Name from the subject field of the issuing X.509 CA certificate ([X.690]).

The authorityKeyIdentifier field is identical to the value of the authority's subjectKeyIdentifier extension. This field corresponds to the X.509 CRL extension authorityKeyIdentifier ([RFC5280], Section 5.2.1). It is promoted to a dedicated field because it MUST be present in conforming X.509 CRLs and because making it explicit simplifies the structure and reduces encoded size compared to representing it as a generic extension.

5.3.5. crlNumber

The crlNumber field is encoded as an unsigned integer (uint). It corresponds to the cRLNumber extension in [RFC5280], Section 5.2.3, which this document replaces with a dedicated field. The value is monotonically increasing for both full and delta CRLs.

5.3.6. thisUpdate and nextUpdate

The thisUpdate field is encoded as described in Section 4. The nextUpdate field is encoded as a uint representing the number of seconds from thisUpdate until the next CRL is expected to be issued. It is encoded as null when no next update time is known.

5.3.7. baseCrlNumber

The baseCrlNumber field is encoded as null for a full CRL. For a delta CRL, it contains the CRL number of the corresponding base full CRL.

5.3.8. reasonCode Encoding

The reasonCode ENUMERATED value is encoded as one unsigned byte. The byte values are aligned with the ENUMERATED values of the CRLReason type defined in [RFC5280], Section 5.3.1; a C509 revocationReason byte value equals the corresponding ASN.1 ENUMERATED integer value for the same reason code.

Table 1: reasonCode encoding
Byte reasonCode
0x00 unspecified
0x01 keyCompromise
0x02 cACompromise
0x03 affiliationChanged
0x04 superseded
0x05 cessationOfOperation
0x06 certificateHold
- removeFromCRL
0x09 privilegeWithdrawn
0x0A aACompromise

removeFromCRL (enumeration value 0x08) is not encoded in revokedCerts. Certificates removed from the CRL are instead indicated in the removedFromCRLCerts field of PerIssuerRevokedCerts.

5.3.9. revokedCertsList and PerIssuerRevokedCerts

5.3.9.1. Design Considerations

In X.509 CRLs ([RFC5280], Section 5.3.3), an indirect CRL uses the certificateIssuer CRL entry extension to indicate that a revocation entry — and all subsequent entries — belong to a different issuer. This mechanism has two significant drawbacks: (1) it is implicit and positional, making it difficult to parse correctly and error-prone to implement; and (2) it is impossible to represent an issuer that has no currently revoked certificates (e.g., to carry per-issuer extensions or to explicitly indicate that the issuer is known but has an empty revocation list), because there is no entry to attach the certificateIssuer extension to.

PerIssuerRevokedCerts solves both problems by introducing an explicit intermediate structure that groups all revocation information for one issuer. The issuer is identified directly in the issuer field of the structure rather than being inferred from the position of a CRL entry extension. This makes the grouping unambiguous and easy to parse, and it allows an issuer to appear in the list even when it has no revoked certificates.

A second design problem in X.509 CRLs is that each revocation entry has variable length: the serial number length differs between certificates, the revocation date uses different encodings depending on whether the date falls before or after 2050, and optional per-entry extensions (e.g., reason code) may or may not be present. This variable-length layout makes it impossible to determine whether a given serial number is present in the list without scanning every entry sequentially, resulting in O(n) lookup time. In this document, the revokedCertsControl structure introduces fixed parameters (serialNumberLength, dateLength) that make every entry within revokedCerts exactly of the same size. The flags field can additionally indicate that entries are sorted in ascending order by serial number, enabling binary search and reducing lookup time to O(log(n)). Using a compact byte-string concatenation rather than a CBOR array of structured items further reduces encoded size and accelerates parsing. Furthermore, certificates removed from the CRL (delta CRL removeFromCRL entries in X.509) are kept in a dedicated removedFromCRLCerts field rather than mixed into revokedCerts. This keeps revokedCerts free of removal noise, reducing its size and allowing implementations to process currently-revoked and removed entries independently.

5.3.9.2. Fields

The revokedCertsList field is either a CBOR array of one or more PerIssuerRevokedCerts entries, each describing the revocation state for certificates issued by one issuer, or CBOR null. revokedCertsList MUST be encoded as CBOR null when all of the following conditions hold: no certificates are currently revoked, no certificates have been removed from the CRL, the only issuer that would appear is the CRL's own authoritySubject (i.e., the issuer field is null), and there are no non-empty per-issuer extensions.

Each PerIssuerRevokedCerts entry describes revoked certificates for one issuer using the following fields:

  • The issuer field identifies the issuer of the certificates covered by this PerIssuerRevokedCerts entry. When the issuer is a C509 CA, it is encoded as a Name value identical to the issuer field of the covered C509 certificates. When the issuer is an X.509 CA, it is encoded as #6.121(bytes) (tag 121 is alternative 0), where the byte string contains the DER-encoded Name from the issuer field of the covered X.509 certificates ([X.690]). If the issuer is identical to the CRL's authoritySubject field, it MUST be encoded as CBOR null.

  • The revokedCertsControl field defines the controls for interpreting removedFromCRLCerts and revokedCerts. If either removedFromCRLCerts or revokedCerts is non-null, revokedCertsControl MUST NOT be null. If both removedFromCRLCerts and revokedCerts are null, revokedCertsControl MUST be null to reduce CRL size.

    • The flags field is an unsigned integer encoding boolean control bits for crlType = 0: bit 0 (value 0x01) indicates whether entries in revokedCerts are sorted in ascending order by the integer value of the certificate serial number; bit 1 (value 0x02) indicates whether each entry contains a reason code. Bits greater than 1 are reserved for crlType = 0 and MUST be zero and MUST be ignored by receivers. Future crlType values defined in successor documents may assign additional bit meanings.

    • The serialNumberLength field defines the length, in bytes, of a certificate serial number. It MUST be greater than 0. It SHOULD be the smallest value that can encode all certificate serial numbers without leading zeros.

    Each certificate serial number is encoded as a fixed-length big-endian integer of length serialNumberLength. If the encoded value is shorter than serialNumberLength, it is left-padded with zeros.

    • The dateLength field defines the length, in bytes, of the big-endian encoded revocation-date offset relative to baseDate. A value of 0 means that no revocation date is included in revokedCerts entries. This is permitted in C509-native deployments where the revocation date is not required -- for example, when minimizing revocation data is more important than recording the revocation time. Implementations that need to convert a C509 CRL to an RFC 5280 DER-encoded CRL MUST set dateLength to a non-zero value, since [RFC5280], Section 5.1 requires a revocationDate in every CRL entry. When dateLength is non-zero, the offset MUST fit within the specified byte length without leading zero bytes.

    • The baseDate field is a reference time used to compute revocation and removal dates, encoded as described in Section 4. It MUST be greater than or equal to the issuer certificate's notBefore, which ensures that all stored offsets are non-negative. It is RECOMMENDED to set baseDate to the earliest revocation date or removal-from-CRL date among all entries in this CRL, as this minimizes the magnitude of stored offsets and reduces encoding size. Any time between the issuer certificate's notBefore (inclusive) and that earliest date (inclusive) is a conformant value. Revocation dates in revokedCerts and removal dates in removedFromCRLCerts are stored as non-negative offsets, in seconds, from baseDate.

  • The extensions field contains per-issuer extensions. Only the (extensionID: int, extensionValue: Defined) choice is permitted. If no per-issuer extensions are present, this field MUST be encoded as an empty CBOR array.

  • The revokedCerts field is a CBOR byte string containing the concatenated byte sequence of revoked-certificate entries. Each entry is the concatenation of:

    • a big-endian encoded certificate serial number of length serialNumberLength;

    • a big-endian encoded revocation-date offset from baseDate, in seconds, of length dateLength (absent when dateLength is 0); and

    • an optional reason code (1 byte if bit 1 of flags is set, absent otherwise).

    If there are no entries, this field MUST be encoded as CBOR null instead of a zero-length byte string.

    The revocation date for a given entry is recovered by adding the stored offset to baseDate. When dateLength is 0, no revocation date is stored and no date recovery is possible.

    Revoked-certificate entries have fixed length. If bit 0 of flags is set, entries are sorted in ascending order, enabling binary search for a given serial number in O(log(n)) time.

  • The removedFromCRLCerts field contains a concatenated byte sequence of entries for certificates removed from the CRL since publication of the CRL with crlNumber = baseCrlNumber. Each entry is the concatenation of:

    • a big-endian encoded certificate serial number of length serialNumberLength; and

    • a big-endian encoded removal-date offset from baseDate, in seconds, of length dateLength (absent when dateLength is 0).

    If there are no entries, this field MUST be encoded as CBOR null instead of a zero-length byte string.

    The removal date for a given entry is recovered by adding the stored offset to baseDate. When dateLength is 0, no removal date is stored and no date recovery is possible.

    Removed-certificate entries have fixed length. If bit 0 of flags is set, entries are sorted in ascending order, enabling binary search for a given serial number in O(log(n)) time.

5.3.10. CRL Extensions

The crlExtensions field contains extensions for the CRL. Only the (extensionID: int, extensionValue: Defined) choice is permitted. This document does not define any new CRL-level extensions.

Table 2 lists X.509 CRL extensions and their equivalents.

Table 2: CRL extensions and their equivalents
Code Extension Reference Equivalent
- authorityKeyIdentifier [RFC5280], Section 5.2.1 field authorityKeyIdentifier
- issuerAltName [RFC5280], Section 5.2.2 -
- cRLNumber [RFC5280], Section 5.2.3 field crlNumber
- deltaCRLIndicator [RFC5280], Section 5.2.4 field baseCrlNumber
- issuingDistributionPoint [RFC5280], Section 5.2.5 -
- freshestCRL [RFC5280], Section 5.2.6 -
- authorityInfoAccess [RFC5280], Section 5.2.7 -
- orderedList OID 2.5.29.56 (ITU-T X.509, Section 9.5.2.5) field sorted (ascSerialNum); - (ascRevDate)
- toBeRevoked OID 2.5.29.58 (ITU-T X.509, Section 9.5.2.6) -
- revokedGroups OID 2.5.29.59 (ITU-T X.509, Section 9.5.2.7) -

5.3.11. Per-Issuer Extensions

The extensions field of PerIssuerRevokedCerts contains per-issuer extensions. Only the (extensionID: int, extensionValue: Defined) choice is permitted. This document defines one per-issuer extension (expiredCertsOnCRL, see Section 5.3.11.1).

Table 3 lists per-issuer extensions defined in this document.

Table 3: Per-issuer extensions and their equivalents
Code Extension Reference Equivalent
TBD4 expiredCertsOnCRL OID 2.5.29.60 (ITU-T X.509, Section 9.5.2.8) -
5.3.11.1. expiredCertsOnCRL

The expiredCertsOnCRL extension indicates that this CRL includes revocation information for certificates that have already expired. The extension value is a time value indicating the earliest expiration date of certificates included on the CRL; certificates that expired on or after this date are listed even if they are now expired.

The extension value MUST be encoded as follows.

ExpiredCertsOnCRL = ~time

The value is encoded as described in Section 4. When this extension is present, a relying party processing expired certificates (for example, for audit or archiving purposes) SHOULD use the indicated date to determine the extent of historical revocation coverage.

5.3.12. CRL Entry Extensions

Table 4 lists X.509 CRL entry extensions. No corresponding extension is defined in this document.

Table 4: CRL entry extensions defined for X.509 CRLs
Code Extension Reference Equivalent
- reasonCode [RFC5280], Section 5.3.1 / ITU-T X.509, Section 9.6.2.1 field removedFromCRLCerts and revokedCerts
- holdInstructionCode [RFC5280], Section 5.3.2 / ITU-T X.509, Section 9.6.2.2 -
- invalidityDate [RFC5280], Section 5.3.2 / ITU-T X.509, Section 9.6.2.3 -
- certificateIssuer [RFC5280], Section 5.3.3 / ITU-T X.509, Section 9.6.2.4 field issuer within PerIssuerRevokedCerts

5.3.13. signatureValue

Encoded identically to signatureValue in C509 certificates (see [I-D.ietf-cose-cbor-encoded-cert], Section 3.1.12).

6. C509 OCSP

6.1. Overview

C509 OCSP defines CBOR encodings for OCSP requests and OCSP responses as defined in [RFC6960]. The encoding follows the same compression principles as C509 CRL and C509 certificates.

C509 OCSP requests and responses are not wire-format-compatible with DER-encoded OCSP messages as defined in [RFC6960]. The two formats cannot be mechanically converted to or from each other without semantic interpretation of the contained data.

C509OCSPRequest and C509OCSPResponse are designed to be extensible. The first field of every message is ocspRequestType or ocspResponseType, an unsigned integer that identifies the structure type. This document defines types 0, 1, and 2. Future specifications may define additional types by assigning new integer values, enabling new request or response structures to be introduced without modifying the existing types.

6.2. Identification of Certificates

To reduce OCSP message size, this document defines two truncated-hash identifier types used to refer to certificates compactly:

  • HashId8 — the leading 8 bytes of the hash value computed using the enclosing hashAlgorithm. HashId8 is used to identify issuer certificates and the certificates of OCSP requestors and responders in request and response structures where a short identifier provides sufficient uniqueness in the deployment context.

  • HashId20 — the leading 20 bytes of the hash value computed using the enclosing hashAlgorithm. HashId20 is intended for identifying certificate serial numbers (the serialNumberHash field) when higher uniqueness is required to minimize collision risk. When derived from a secure hash (e.g., SHA‑256 or SHA‑3‑256) and treated as a random output, it gives ~2^160 preimage work and ~2^80 collision resistance (birthday bound) for the truncated value. Since the relying party verifies a certificate's signature before querying OCSP, an adversary needs to construct a different certificate that (a) validates under the same issuer chain and (b) has a serial number whose hash truncation equals an existing certificate's HashId20. Such a construction is practically infeasible.

HashId8   = bytes .size 8
HashId20  = bytes .size 20

6.3. C509 OCSP Request

6.3.1. CDDL

C509OCSPRequest = C509UnsignedOCSPRequest /
                  C509SignedOCSPRequest /
                  C509SimpleOCSPRequest

C509UnsignedOCSPRequest = [
  ocspRequestType    : 0,
  hashAlgorithm      : IntAlgorithmIdentifier,
  nonce              : bytes / null,
  extensions         : Extensions,
  requests           : PerIssuerOCSPRequests
]

TBSOCSPRequest = (
  ocspRequestType    : 1,
  signatureAlgorithm : IntAlgorithmIdentifier,
  hashAlgorithm      : IntAlgorithmIdentifier,
  nonce              : bytes / null,
  requestorCertHash  : HashId8,
  extensions         : Extensions,
  requests           : PerIssuerOCSPRequests,
  requestorCerts     : COSE_C509 / #6.121(COSE_X509) / null,
)

C509SignedOCSPRequest = [
  TBSOCSPRequest,
  signatureValue     : any,
]

C509SimpleOCSPRequest = [
  ocspRequestType    : 2,
  hashAlgorithm      : IntAlgorithmIdentifier,
  nonce              : bytes / null,
  issuerCertHash     : HashId8,
  serialNumberHash   : HashId20,
  extensions         : Extensions
]

PerIssuerOCSPRequests = [ + PerIssuerOCSPRequest ]

PerIssuerOCSPRequest = (
  issuerCertHash   : HashId8,
  extensions       : Extensions,
  singleRequests   : SingleCertRequests,
)

SingleCertRequests  = [ + SingleCertRequest ]

SingleCertRequest = (
  serialNumberHash : HashId20,
  extensions       : Extensions,
)
Figure 2: CDDL for C509OCSPRequest

6.3.2. Field Encodings

6.3.2.1. ocspRequestType

The ocspRequestType field serves as the discriminator for C509OCSPRequest:

Table 5
Value Type
0 C509UnsignedOCSPRequest
1 C509SignedOCSPRequest
2 C509SimpleOCSPRequest
6.3.2.2. issuerCertHash

The issuerCertHash field appears in PerIssuerOCSPRequest, PerIssuerOCSPResponse, C509SimpleOCSPRequest, and TBSSimpleOCSPResponse. It contains a hash of the issuer certificate:

  • issuerCertHash: hash computed over the CBOR-encoded issuer C509 certificate, or over the DER-encoded issuer X.509 certificate ([X.690]). The hash algorithm is specified by the hashAlgorithm field of the enclosing request or response structure.

In X.509 OCSP ([RFC6960], Section 4.1.1), the CertID structure identifies the issuer using two separate hashes: issuerNameHash (a hash of the DER-encoded issuer name) and issuerKeyHash (a hash of the issuer's public key bit string). This two-hash approach was designed for interoperability with DER-encoded X.509 structures, but it doubles the per-issuer overhead in the message. In C509 OCSP, the issuer is identified by a single hash of the issuer certificate (issuerCertHash), which is simpler, smaller, and unambiguous. Implementations that need to cross-reference a C509 issuerCertHash with an RFC 6960 DER-encoded CertID must recompute the respective hash inputs; the values are not directly comparable.

6.3.2.3. PerIssuerOCSPRequests, PerIssuerOCSPRequest, SingleCertRequests and SingleCertRequest

PerIssuerOCSPRequests is a list of PerIssuerOCSPRequest entries. In X.509 OCSP ([RFC6960], Section 4.1.1), every Request entry embeds a full CertID containing the issuer identity fields (hashAlgorithm, issuerNameHash, issuerKeyHash) alongside the serialNumber. When multiple certificates from the same issuer are queried in a single request, these issuer fields are repeated verbatim for every entry, wasting space. PerIssuerOCSPRequest solves this by grouping all single-certificate requests for the same issuer under one entry: the issuerCertHash field is encoded once and shared across all SingleCertRequest entries in the singleRequests list, eliminating the per-entry duplication.

  • The extensions field contains per-issuer extensions that apply to all single-certificate requests in this PerIssuerOCSPRequest entry; see Section 6.4.2.12. If no per-issuer extensions are present, this field MUST be encoded as an empty CBOR array.

  • The singleRequests field is a list of SingleCertRequest entries for certificates from this issuer.

Each SingleCertRequest contains:

  • The serialNumberHash field is the truncated hash of the certificate serial number of the target certificate, computed using the hashAlgorithm of the enclosing request structure. The serial number is encoded in big-endian byte order without a leading zero byte (as in C509 certificates) before hashing. Using a hash rather than the plain serial number preserves the privacy of the requestor: an observer cannot determine which certificate is being queried without already knowing the serial number.

  • The extensions field contains extensions for the single request; see Section 6.4.2.13.

6.3.2.4. C509UnsignedOCSPRequest
  • The ocspRequestType field MUST be 0, which discriminates C509UnsignedOCSPRequest from C509SignedOCSPRequest.

  • The hashAlgorithm field specifies the hash algorithm used to compute issuerCertHash and serialNumberHash. The algorithm is encoded as an integer from the "C509 Hash Algorithms" registry defined in Section 7.

  • The nonce field contains the request nonce, or MUST be null when no nonce is present.

  • The extensions field contains request-level extensions; see Section 6.4.2.13.

  • The requests field is a list of PerIssuerOCSPRequest entries, each grouping target certificates by issuer; see Section 6.3.2.3.

6.3.2.5. C509SignedOCSPRequest
  • The ocspRequestType field MUST be 1, which discriminates C509SignedOCSPRequest from C509UnsignedOCSPRequest.

  • The signatureAlgorithm field specifies the signature algorithm, as defined in [I-D.ietf-cose-cbor-encoded-cert], Section 3.1.11.

  • The hashAlgorithm field specifies the hash algorithm used to compute requestorCertHash, issuerCertHash, and serialNumberHash. The algorithm is encoded as an integer from the "C509 Hash Algorithms" registry defined in Section 7.

  • The nonce field is as defined for C509UnsignedOCSPRequest (Section 6.3.2.4).

  • The requestorCertHash field is a hash of the signer's certificate, computed using hashAlgorithm. requestorCerts MUST carry the corresponding certificate chain so that the receiver can verify the identity of the requestor.

  • The extensions field contains request-level extensions; see Section 6.4.2.13.

  • The requests field is as defined for C509UnsignedOCSPRequest (Section 6.3.2.4).

  • The requestorCerts field contains a sorted certificate chain starting with the signer's certificate, or MUST be null if no certificates are transported. When the signer holds a C509 certificate chain, the value is COSE_C509. When the signer holds an X.509 certificate chain, the value is #6.121(COSE_X509), wrapping a COSE_X509 chain with CBOR tag 121 (alternative 0).

  • The signatureValue field is the signature computed over the CBOR Sequence of the TBSOCSPRequest group.

6.3.2.6. C509SimpleOCSPRequest

C509SimpleOCSPRequest is a compact request format for querying the status of a single certificate. Unlike C509UnsignedOCSPRequest, which uses a two-level PerIssuerOCSPRequests / SingleCertRequest grouping to batch multiple serial numbers across one or more issuers, C509SimpleOCSPRequest flattens the structure into a single CBOR array for the common case of a one-certificate query.

  • The ocspRequestType field MUST be 2, which discriminates C509SimpleOCSPRequest from C509UnsignedOCSPRequest and C509SignedOCSPRequest.

  • The nonce field contains the request nonce, or MUST be null when no nonce is present.

  • The issuerCertHash field identifies the issuer of the target certificate; see Section 6.3.2.2.

  • The serialNumberHash field is the hash of the certificate serial number of the target certificate, computed using the hashAlgorithm from C509SimpleOCSPRequest. The serial number is encoded in big-endian byte order without a leading zero byte before hashing. Using a hash rather than the plain serial number preserves the privacy of the requestor: an observer cannot determine which certificate is being queried without already knowing the serial number.

  • The extensions field contains request-level extensions; see Section 6.4.2.13. If no extensions are present, this field MUST be encoded as an empty CBOR array.

6.4. C509 OCSP Response

6.4.1. CDDL

C509OCSPResponse = C509ErrorOCSPResponse /
                   C509BasicOCSPResponse /
                   C509SimpleOCSPResponse

C509ErrorOCSPResponse = [
  ocspResponseType  : 0,
  responseStatus    : int
]

TBSBasicOCSPResponse = (
  ocspResponseType   : 1,
  signatureAlgorithm : IntAlgorithmIdentifier,
  hashAlgorithm      : IntAlgorithmIdentifier,
  nonce              : bytes / null,
  responderCertHash  : HashId8,
  producedAt         : ~time,
  extensions         : Extensions,
  responses          : PerIssuerOCSPResponses,
  responderCerts     : COSE_C509 / #6.121(COSE_X509) / null,
)

C509BasicOCSPResponse = [
  TBSBasicOCSPResponse,
  signatureValue     : any
]

TBSSimpleOCSPResponse = (
  ocspResponseType   : 2,
  signatureAlgorithm : IntAlgorithmIdentifier,
  hashAlgorithm      : IntAlgorithmIdentifier,
  nonce              : bytes / null,
  responderCertHash  : HashId8,
  issuerCertHash     : HashId8,
  serialNumberHash   : HashId20,
  certStatus         : CertStatus,
  producedAt         : ~time,
  thisUpdate         : nint / 0,
  nextUpdate         : uint / null,
  extensions         : Extensions,
  responderCerts     : COSE_C509 / #6.121(COSE_X509) / null,
)

C509SimpleOCSPResponse = [
  TBSSimpleOCSPResponse,
  signatureValue     : any
]

PerIssuerOCSPResponses = [ + PerIssuerOCSPResponse ]

PerIssuerOCSPResponse = (
  issuerCertHash   : HashId8,
  extensions       : Extensions,
  singleResponses  : SingleCertResponses,
)

SingleCertResponses = [ + SingleCertResponse ]

SingleCertResponse = (
  serialNumberHash : HashId20,
  certStatus       : CertStatus,
  thisUpdate       : nint / 0,
  nextUpdate       : uint / null,
  extensions       : Extensions,
)

CertStatus = 0        ; good
           / 1        ; not-issued (issuer recognized,
                      ;   serial number not issued)
           / 2        ; unknown (issuer not recognized)
           / RevokedInfo

RevokedInfo = [
  revocationTime   : ~time,
  revocationReason : int,
]
Figure 3: CDDL for C509OCSPResponse

6.4.2. Field Encodings

6.4.2.1. C509ErrorOCSPResponse

If the OCSP server cannot process the OCSP query, it returns a C509ErrorOCSPResponse. The ocspResponseType value MUST be 0, and responseStatus has the following enumerated values:

Table 6: responseStatus values
int responseStatus
- successful
1 malformedRequest
2 internalError
3 tryLater
5 sigRequired
6 unauthorized
6.4.2.2. C509BasicOCSPResponse

The ocspResponseType field of C509BasicOCSPResponse is 1, distinguishing it from C509ErrorOCSPResponse. It corresponds to BasicOCSPResponse in [RFC6960].

TBSBasicOCSPResponse is the group of fields to be signed. The signatureValue field is the only field outside the signed group. Covering signatureAlgorithm and responderCerts within the signed content prevents algorithm-substitution and certificate-chain substitution attacks; this design goes beyond the protections offered by the DER-encoded BasicOCSPResponse defined in [RFC6960].

6.4.2.3. C509SimpleOCSPResponse

C509SimpleOCSPResponse is a compact signed response for a single-certificate status query. It is the response counterpart to C509SimpleOCSPRequest (see Section 6.3.2.6). Unlike C509BasicOCSPResponse, which uses a two-level PerIssuerOCSPResponses / SingleCertResponse grouping to carry status for multiple certificates across one or more issuers, C509SimpleOCSPResponse flattens the structure into a single signed CBOR array for the common case of a one-certificate response.

TBSSimpleOCSPResponse is the group of fields to be signed. The signatureValue field is the only field outside the signed group. Covering signatureAlgorithm, responderCertHash, and responderCerts within the signed content prevents algorithm-substitution and certificate-chain substitution attacks.

  • The ocspResponseType field MUST be 2, which discriminates C509SimpleOCSPResponse from C509ErrorOCSPResponse and C509BasicOCSPResponse.

  • The signatureAlgorithm field specifies the signature algorithm, as defined in [I-D.ietf-cose-cbor-encoded-cert], Section 3.1.11. It is part of TBSSimpleOCSPResponse and is therefore covered by the signature.

  • The hashAlgorithm field specifies the hash algorithm used to compute responderCertHash, issuerCertHash, and serialNumberHash. The algorithm is encoded as an integer from the "C509 Hash Algorithms" registry defined in Section 7.

  • The responderCertHash field identifies the OCSP responder; see Section 6.4.2.5.

  • The nonce field contains the request nonce, or MUST be null when no nonce is present. If present, it MUST have the same value as the nonce in the corresponding C509SimpleOCSPRequest.

  • The issuerCertHash field identifies the issuer of the queried certificate; see Section 6.3.2.2.

  • The serialNumberHash field is the hash of the certificate serial number of the queried certificate, computed using hashAlgorithm. The serial number is encoded in big-endian byte order without a leading zero byte before hashing; see Section 6.4.2.11.1.

  • The producedAt field is the time at which this response was produced, encoded as described in Section 4.

  • The thisUpdate field is encoded as a non-positive integer (nint / 0) representing the number of seconds from producedAt at which the indicated status is known to be correct. It MUST be 0 or negative, since the status cannot be known at a time in the future relative to the time the response was produced.

  • The nextUpdate field is encoded as a uint representing the number of seconds from producedAt until the next response update is expected, or null if the update time is unknown.

  • The certStatus field encodes the revocation status; see Section 6.4.2.11.

  • The extensions field contains response-level extensions; see Section 6.4.2.13. If no extensions are present, this field MUST be encoded as an empty CBOR array.

  • The responderCerts field carries the certificate chain starting with the responder certificate identified by responderCertHash; see Section 6.4.2.6.

  • The signatureValue field is the signature computed over the CBOR Sequence of the TBSSimpleOCSPResponse group.

6.4.2.4. nonce

If present, this field MUST have the same value as the nonce in the corresponding request.

6.4.2.5. responderCertHash

responderCertHash is a truncated hash over the responder's certificate, computed using the same hashAlgorithm as issuerCertHash. In X.509 OCSP ([RFC6960]), the responder is identified by a ResponderID CHOICE that carries either a distinguished name or a public-key hash. C509 OCSP replaces this with a single hash over the entire responder certificate, which is consistent with the issuerCertHash design for issuer identification.

6.4.2.6. responderCerts

When present, the responderCerts field carries the certificate chain starting with the responder certificate identified by responderCertHash. When the responder holds a C509 certificate chain, the value is COSE_C509. When the responder holds an X.509 certificate chain, the value is #6.121(COSE_X509), wrapping a COSE_X509 chain with CBOR tag 121 (alternative 0). The field is part of TBSBasicOCSPResponse and is therefore covered by the signature, which prevents certificate-chain substitution attacks.

6.4.2.7. signatureAlgorithm and signatureValue
  • signatureAlgorithm: the signature algorithm used to compute signatureValue, as defined in [I-D.ietf-cose-cbor-encoded-cert], Section 3.1.11. It is part of the TBSBasicOCSPResponse group and is therefore covered by the signature.

  • signatureValue: the signature computed over the CBOR Sequence of the TBSBasicOCSPResponse group.

6.4.2.8. producedAt, thisUpdate, nextUpdate

The producedAt field is encoded as described in Section 4. The thisUpdate field is encoded as a non-positive integer (nint / 0) representing the number of seconds from producedAt at which the indicated status is known to be correct; it MUST be 0 or negative, since the status cannot be known at a time in the future relative to when the response was produced. The nextUpdate field is encoded as a uint representing the number of seconds from producedAt until the next update is expected to be available. nextUpdate may be null, which indicates an unknown update time.

6.4.2.10. PerIssuerOCSPResponses and PerIssuerOCSPResponse

PerIssuerOCSPResponses is a list of PerIssuerOCSPResponse entries. For the same reason as on the request side (see Section 6.3.2.3), the issuerCertHash field is encoded once per issuer and shared across all SingleCertResponse entries in the singleResponses list, avoiding the per-entry repetition that would occur if the issuer identity were embedded in every individual response entry. PerIssuerOCSPResponse groups single responses for certificates issued by the same issuer; the issuer is identified by issuerCertHash (see Section 6.3.2.2).

  • The extensions field contains per-issuer extensions that apply to all single-certificate responses in this PerIssuerOCSPResponse entry; see Section 6.4.2.12. If no per-issuer extensions are present, this field MUST be encoded as an empty CBOR array.

  • The singleResponses field contains one SingleCertResponse for each queried certificate issued by that issuer.

6.4.2.11. SingleCertResponse
6.4.2.11.1. serialNumberHash

This field contains the truncated hash of the serial number of the certificate being queried. It is computed using the hashAlgorithm from the enclosing TBSBasicOCSPResponse and contains the first 20 bytes. The serial number is encoded in big-endian byte order without a leading zero byte before hashing. In X.509, a CertificateSerialNumber INTEGER is DER-encoded with a leading zero byte when the most-significant bit is set; that leading zero MUST be stripped before computing the hash. In X.509 OCSP ([RFC6960], Section 4.1.1), the CertID structure carries the plain serialNumber directly. C509 OCSP replaces this with a hash to preserve privacy: an observer cannot determine which certificate was queried without already knowing the serial number.

6.4.2.11.3. certStatus

CertStatus is encoded either as an integer (for good, not-issued, and unknown) or as a RevokedInfo array:

  • 0: good -- the certificate is not revoked.

  • 1: not-issued -- the issuer is recognized but the serial number is unknown.

  • 2: unknown -- the responder does not recognize the issuer identified by issuerCertHash.

  • RevokedInfo: revoked -- a fixed-length 2-element array carrying revocationTime and revocationReason. The revocationReason field is encoded as specified in Section 5.3.8. When the revocation reason is not known, revocationReason MUST be set to 0 (unspecified).

The integer values are chosen to align with the ASN.1 IMPLICIT tag numbers of CertStatus in [RFC6960]: good uses [0] (value 0) and unknown uses [2] (value 2). The ASN.1 revoked alternative uses [1]; since C509 represents the revoked status as the explicit RevokedInfo array, the integer value 1 becomes available. It is assigned to the not-issued status, which was introduced in [RFC6960], Section 4.4.8 to distinguish unrecognized serial numbers from unrecognized issuers, thereby maintaining a contiguous integer range for the non-revoked statuses.

6.4.2.12. Per-Issuer OCSP Extensions

PerIssuerOCSPRequest.extensions and PerIssuerOCSPResponse.extensions carry per-issuer extensions. Only the (extensionID: int, extensionValue: Defined) choice of Extensions is permitted. If no per-issuer extensions are present, the field MUST be encoded as an empty CBOR array [].

Table 7 lists the per-issuer extensions defined in this document.

Table 7: Per-issuer OCSP extensions
Code Extension Applied in Comments
(none defined)      
6.4.2.13. OCSP Extensions

Table 8 describes the OCSP extensions defined in [RFC6960] and their mapping in this document.

Table 8: OCSP extensions defined in RFC 6960
Code Extension RFC Reference Applied in Replaced in this document
- nonce [RFC6960], Section 4.4.1 Request Extension, Response Extension field nonce
- CRL References [RFC6960], Section 4.4.2 Single Response Extension -
TBD2 Acceptable Response Types [RFC6960], Section 4.4.3 Request Extension -
- Archive Cutoff [RFC6960], Section 4.4.4 Response Extension -
- Service Locator [RFC6960], Section 4.4.5 Request Extension -
TBD3 Preferred Signature Algorithms [RFC6960], Section 4.4.7 Request Extension -
- Extended Revoked Definition [RFC6960], Section 4.4.8 Response Extension cert status not-issued (for serial numbers not issued by a recognized issuer) and unknown (for unrecognized issuers)
TBD6 TN Query [I-D.ietf-stir-certificates-ocsp] Single Request Extension -

This document defines the following extension values:

  • Acceptable Response Types: The extension value MUST be encoded as follows.

AcceptableResponseTypes = [ + int]

The integers in AcceptableResponseTypes form a sorted list of preferred C509OCSPResponse types, in descending order of preference, that the requestor is willing to accept. This document defines types 0 (C509ErrorOCSPResponse), 1 (C509BasicOCSPResponse), and 2 (C509SimpleOCSPResponse). Type 0 (C509ErrorOCSPResponse) is always implicitly supported and does not need to be listed. When this extension is absent, an OCSP server responding to a C509UnsignedOCSPRequest or C509SignedOCSPRequest MUST reply with a C509BasicOCSPResponse (type 1); an OCSP server responding to a C509SimpleOCSPRequest MUST reply with a C509SimpleOCSPResponse (type 2). If AcceptableResponseTypes contains type 2 but not type 1, and the corresponding request contains entries for two or more certificates, the server SHALL return a C509ErrorOCSPResponse with responseStatus set to malformedRequest (1), since C509SimpleOCSPResponse can only carry status for a single certificate.

  • Preferred Signature Algorithms: The extension value MUST be encoded as follows.

PreferredSignatureAlgorithm = (
  sigIdentifier        : IntAlgorithmIdentifier,
  pubKeyAlgIdentifiers : [ 2* IntAlgorithmIdentifier ]
                         / IntAlgorithmIdentifier
                         / null,
)

IntAlgorithmIdentifier = int

PreferredSignatureAlgorithms = [ + PreferredSignatureAlgorithm ]

The sigIdentifier field carries the signature algorithm identifier. The pubKeyAlgIdentifiers field carries the public key algorithm identifier and MUST be one of:

  • a CBOR array of two or more IntAlgorithmIdentifier values, sorted in descending order of preference, when the responder is willing to accept any of the listed public key algorithms as a match for this signature algorithm preference (e.g., to express hybrid or multi-algorithm key policies); the first entry in the array represents the most preferred public key algorithm,

  • a single IntAlgorithmIdentifier value, when exactly one public key algorithm is acceptable, or

  • null, when the public key algorithm is unconstrained or implied by sigIdentifier.

PreferredSignatureAlgorithms MUST be sorted in descending order of preference; the first entry represents the most preferred algorithm combination.

  • TN Query: The extension value MUST be encoded as follows.

TNQuery = text .size (1..15)

The TNQuery extension carries a telephone number string conforming to the TelephoneNumber ASN.1 type ([RFC8226], Section 3). When included in single request extensions, it specifies the telephone number for which the OCSP query is being performed (typically the number from the "orig" field of a PASSporT being validated).

Clients MUST include this extension in the single-request extensions per [I-D.ietf-stir-certificates-ocsp].

6.5. Certificate Type Interoperability

C509 OCSP uses a single set of request and response structures that handles both C509 and X.509 certificates without modification. All participants -- requestor, responder, and issuer -- are identified by a hash over their certificate rather than by type-specific fields such as a Subject distinguished name, SubjectKeyIdentifier, or the X.509 ResponderID CHOICE (byName or byKey). Because a hash applies uniformly regardless of the certificate encoding, the same OCSP structures accommodate C509 certificates (CBOR-encoded), X.509 certificates (DER-encoded), and any future certificate types.

The only per-type differences are in how identity hashes are computed and how certificate chains are carried:

Table 9: Per-type differences in C509 OCSP identity fields
Field C509 certificate X.509 certificate
issuerCertHash Hash of CBOR-encoded C509Certificate Hash of DER-encoded X.509 certificate
requestorCertHash Hash of CBOR-encoded C509Certificate Hash of DER-encoded X.509 certificate
responderCertHash Hash of CBOR-encoded C509Certificate Hash of DER-encoded X.509 certificate
requestorCerts / responderCerts COSE_C509 #6.121(COSE_X509)

In a hybrid deployment where the responder holds an X.509 certificate, responderCertHash contains the hash of the DER-encoded X.509 certificate and responderCerts carries a #6.121(COSE_X509) chain. In a deployment using C509 certificates throughout, all identity hashes are computed over CBOR-encoded certificates and certificate chains are carried as COSE_C509. The hashAlgorithm field at the top level of each request or response structure governs all hashes within that structure.

6.6. OCSP Stapling in TLS

In standard TLS certificate status stapling (see the status_request extension, [RFC8446], Section 4.4.2.1), the stapled OCSP response is a DER-encoded OCSPResponse. To allow C509 OCSP stapling, this document defines a new TLS CertificateStatusType value [RFC6066], Section 8:

Table 10: TLS CertificateStatusType for C509 OCSP
Value Name Reference
TBD1 c509_ocsp This document

When CertificateStatusType is c509_ocsp, the status field contains a CBOR-encoded C509OCSPResponse instead of a DER-encoded OCSPResponse.

7. C509 Hash Algorithms

This document defines the following hash algorithms.

+-------+----------------------------------------------------------+
| Value | Hash Algorithm                                           |
+=======+==========================================================+
|   0   | Name:        SHA-256                                     |
|       | Identifiers: id-sha256                                   |
|       | OID:         2.16.840.1.101.3.4.2.1                      |
|       | Parameters:  absent                                      |
|       | DER:         60 86 48 01 65 03 04 02 01                  |
|       | Comments:                                                |
+-------+----------------------------------------------------------+
|   1   | Name:        SHA-384                                     |
|       | Identifiers: id-sha384                                   |
|       | OID:         2.16.840.1.101.3.4.2.2                      |
|       | Parameters:  absent                                      |
|       | DER:         60 86 48 01 65 03 04 02 02                  |
|       | Comments:                                                |
+-------+----------------------------------------------------------+
|   2   | Name:        SHA-512                                     |
|       | Identifiers: id-sha512                                   |
|       | OID:         2.16.840.1.101.3.4.2.3                      |
|       | Parameters:  absent                                      |
|       | DER:         60 86 48 01 65 03 04 02 03                  |
|       | Comments:                                                |
+-------+----------------------------------------------------------+
|   3   | Name:        SHA-224                                     |
|       | Identifiers: id-sha224                                   |
|       | OID:         2.16.840.1.101.3.4.2.4                      |
|       | Parameters:  absent                                      |
|       | DER:         60 86 48 01 65 03 04 02 04                  |
|       | Comments:                                                |
+-------+----------------------------------------------------------+
|   4   | Name:        SM3                                         |
|       | Identifiers: id-sm3                                      |
|       | OID:         1.2.156.10197.1.401                         |
|       | Parameters:  absent                                      |
|       | DER:         06 08 2A 81 1C 84 8E 35 01 04 01            |
|       | Comments:                                                |
+-------+----------------------------------------------------------+
|   5   | Name:        SHA3-256                                    |
|       | Identifiers: id-sha3-256                                 |
|       | OID:         2.16.840.1.101.3.4.2.8                      |
|       | Parameters:  absent                                      |
|       | DER:         60 86 48 01 65 03 04 02 08                  |
|       | Comments:                                                |
+-------+----------------------------------------------------------+
|   6   | Name:        SHA3-384                                    |
|       | Identifiers: id-sha3-384                                 |
|       | OID:         2.16.840.1.101.3.4.2.9                      |
|       | Parameters:  absent                                      |
|       | DER:         60 86 48 01 65 03 04 02 09                  |
|       | Comments:                                                |
+-------+----------------------------------------------------------+
|   7   | Name:        SHA3-512                                    |
|       | Identifiers: id-sha3-512                                 |
|       | OID:         2.16.840.1.101.3.4.2.10                     |
|       | Parameters:  absent                                      |
|       | DER:         60 86 48 01 65 03 04 02 0A                  |
|       | Comments:                                                |
+-------+----------------------------------------------------------+
|   8   | Name:        SHA3-224                                    |
|       | Identifiers: id-sha3-224                                 |
|       | OID:         2.16.840.1.101.3.4.2.7                      |
|       | Parameters:  absent                                      |
|       | DER:         60 86 48 01 65 03 04 02 07                  |
|       | Comments:                                                |
+-------+----------------------------------------------------------+
|   9   | Name:        SHAKE128                                    |
|       | Identifiers: id-shake128                                 |
|       | OID:         2.16.840.1.101.3.4.2.11                     |
|       | Parameters:  absent                                      |
|       | DER:         60 86 48 01 65 03 04 02 0B                  |
|       | Comments:                                                |
+-------+----------------------------------------------------------+
|   10  | Name:        SHAKE256                                    |
|       | Identifiers: id-shake256                                 |
|       | OID:         2.16.840.1.101.3.4.2.12                     |
|       | Parameters:  absent                                      |
|       | DER:         60 86 48 01 65 03 04 02 0C                  |
|       | Comments:                                                |
+-------+----------------------------------------------------------+
Figure 4: C509 Hash Algorithms

8. Security Considerations

TODO

9. IANA Considerations

This document has the following actions for IANA.

Note to RFC Editor: Please replace all occurrences of "[RFC-XXXX]" with the RFC number of this specification and delete this paragraph.

9.1. Extension Identifiers Registry

IANA is requested to assign the new values shown in Figure 5 in the "C509 Extensions" registry under the new registry group "CBOR Encoded X.509 (C509)" defined in [I-D.ietf-cose-cbor-encoded-cert].

+-------+----------------------------------------------------------+
| Value | Extension                                                |
+=======+==========================================================+
| TBD2  | Name:            Acceptable Response Types               |
|       | Identifiers:     id-pkix-ocsp-response                   |
|       | OID:             1.3.6.1.5.5.7.48.1.4                    |
|       | DER:             06 09 2B 06 01 05 05 07 30 01 04        |
|       | Comments:        RFC 6960                                |
|       | extensionValue:  AcceptableResponseTypes                 |
+-------+----------------------------------------------------------+
| TBD3  | Name:            Preferred Signature Algorithms          |
|       | Identifiers:     id-pkix-ocsp-pref-sig-algs              |
|       | OID:             1.3.6.1.5.5.7.48.1.8                    |
|       | DER:             06 09 2B 06 01 05 05 07 30 01 08        |
|       | Comments:        RFC 6960                                |
|       | extensionValue:  PreferredSignatureAlgorithms            |
+-------+----------------------------------------------------------+
| TBD4  | Name:            Expired Certificates on CRL             |
|       | Identifiers:     id-ce-expiredCertsOnCRL                 |
|       | OID:             2.5.29.60                               |
|       | DER:             06 03 55 1D 3C                          |
|       | Comments:        ITU-T X.509, Section 9.5.2.8            |
|       | extensionValue:  ExpiredCertsOnCRL                       |
+-------+----------------------------------------------------------+
| TBD6  | Name:            TN Query                                |
|       | Identifiers:     id-pkix-ocsp-stir-tn                    |
|       | OID:             1.3.6.1.5.5.7.48.1.10                   |
|       | DER:             06 09 2B 06 01 05 05 07 30 01 0A        |
|       | Comments:        draft-ietf-stir-certificates-ocsp       |
|       | extensionValue:  TNQuery                                 |
+-------+----------------------------------------------------------+
Figure 5: C509 extension identifier allocation requests

9.2. C509 Hash Algorithms Registry

IANA is requested to create a new registry "C509 Hash Algorithms" under the registry group "CBOR Encoded X.509 (C509)" defined in [I-D.ietf-cose-cbor-encoded-cert].

The registration policy is either "Private Use", "IETF Review with Expert Review", or "Expert Review" per [RFC8126], Section 4.5. "Expert Review" guidelines are provided in Section 9.6.

All assignments according to "IETF Review with Expert Review" are made on an "IETF Review" basis per [RFC8126], Section 4.8, with Expert Review additionally required per [RFC8126], Section 4.5. The procedure for early IANA allocation of Standards Track code points defined in [RFC7120] also applies. When such a procedure is used, IANA will ask the designated expert(s) to approve the early allocation before registration. In addition, WG chairs are encouraged to consult the expert(s) early during the process outlined in [RFC7120], Section 3.1.

The columns of this registry are:

  • Value: This field contains the value used to identify the C509 hash algorithm. These values MUST be unique. The value can be a positive integer or a negative integer. Different ranges of values use different registration policies [RFC8126]. Integer values from -24 to 23 are designated as "IETF Review with Expert Review". Integer values greater than 32767 are marked as "Private Use". All other integer values are designated as "Expert Review". This field MUST NOT be empty.

  • Name: This field contains the name of the C509 hash algorithm. This field MUST NOT be empty.

  • Identifiers: This field contains additional identifiers of the C509 hash algorithm, if any is available.

  • OID: This field contains the OID corresponding to the C509 hash algorithm. This field MUST NOT be empty.

  • Parameters: This field contains the parameters of the C509 hash algorithm. This field MUST NOT be empty. If the C509 hash algorithm has no parameters, this field contains the string "absent".

  • DER: This field contains the DER encoding of the ASN.1 value of type DigestInfo for the C509 hash algorithm. This field MUST NOT be empty.

  • Comments: This field contains any optional comment about the C509 hash algorithm.

  • Reference: This field contains a pointer to the public specification for the C509 hash algorithm, if one is available.

This registry has been initially populated with the entries defined in Section 7.

9.3. TLS CertificateStatusType Registry

IANA is requested to assign the value shown in Table 11 in the "TLS Certificate Status Types" registry under "Transport Layer Security (TLS) Extensions":

Table 11: TLS CertificateStatusType allocation request
Value Description Reference Comment
TBD1 c509_ocsp This document N/A

9.4. Media Type Application Registry

IANA is requested to assign the following entries into the "application" registry in the registry group "Media Types" with this document as reference.

9.4.1. Media Type application/c509-crl+cbor

When the application/c509-crl+cbor media type is used, the data is a C509CRL structure.

Subtype name: c509-crl+cbor

Required parameters: N/A

Encoding considerations: binary

Security considerations: See Section 8 of [RFC-XXXX].

Interoperability considerations: N/A

Published specification: [RFC-XXXX]

Applications that use this media type: Any MIME-compliant transport

Fragment identifier considerations: N/A

Additional information:

  • Deprecated alias names for this type: N/A

  • Magic number(s): N/A

  • File extension(s): .c509

  • Macintosh file type code(s): N/A

Person & email address to contact for further information: iesg@ietf.org

Intended usage: COMMON

Restrictions on usage: N/A

Author: COSE WG

Change controller: IETF

9.4.2. Media Type application/c509-crlinfo+cbor

When the application/c509-crlinfo+cbor media type is used, the data is a C509CRLInfo structure.

Subtype name: c509-crlinfo+cbor

Required parameters: N/A

Encoding considerations: binary

Security considerations: See Section 8 of [RFC-XXXX].

Interoperability considerations: N/A

Published specification: [RFC-XXXX]

Applications that use this media type: Any MIME-compliant transport

Fragment identifier considerations: N/A

Additional information:

  • Deprecated alias names for this type: N/A

  • Magic number(s): N/A

  • File extension(s): .c509

  • Macintosh file type code(s): N/A

Person & email address to contact for further information: iesg@ietf.org

Intended usage: COMMON

Restrictions on usage: N/A

Author: COSE WG

Change controller: IETF

9.4.3. Media Type application/c509-ocspreq+cbor

When the application/c509-ocspreq+cbor media type is used, the data is a C509OCSPRequest structure.

Subtype name: c509-ocspreq+cbor

Required parameters: N/A

Encoding considerations: binary

Security considerations: See Section 8 of [RFC-XXXX].

Interoperability considerations: N/A

Published specification: [RFC-XXXX]

Applications that use this media type: OCSP clients

Fragment identifier considerations: N/A

Additional information:

  • Deprecated alias names for this type: N/A

  • Magic number(s): N/A

  • File extension(s): .c509

  • Macintosh file type code(s): N/A

Person & email address to contact for further information: iesg@ietf.org

Intended usage: COMMON

Restrictions on usage: N/A

Author: COSE WG

Change controller: IETF

9.4.4. Media Type application/c509-ocspresp+cbor

When the application/c509-ocspresp+cbor media type is used, the data is a C509OCSPResponse structure.

Subtype name: c509-ocspresp+cbor

Required parameters: N/A

Encoding considerations: binary

Security considerations: See Section 8 of [RFC-XXXX].

Interoperability considerations: N/A

Published specification: [RFC-XXXX]

Applications that use this media type: OCSP servers

Fragment identifier considerations: N/A

Additional information:

  • Deprecated alias names for this type: N/A

  • Magic number(s): N/A

  • File extension(s): .c509

  • Macintosh file type code(s): N/A

Person & email address to contact for further information: iesg@ietf.org

Intended usage: COMMON

Restrictions on usage: N/A

Author: COSE WG

Change controller: IETF

9.5. CoAP Content-Formats Registry

IANA is requested to add entries for "application/c509-crl+cbor", "application/c509-crlinfo+cbor", "application/c509-ocspreq+cbor" and "application/c509-ocspresp+cbor" to the "CoAP Content-Formats" registry in the registry group "Constrained RESTful Environments (CoRE) Parameters".

+-------------------------+---------+-------+------------+
| Content                 | Content | ID    | Reference  |
| Type                    | Coding  |       |            |
+=========================+=========+=======+============+
| application/            | -       | TBD7  | [[this     |
| c509-crl+cbor           |         |       | document]] |
+-------------------------+---------+-------+------------+
| application/            |         |       | [[this     |
| c509-crlinfo+cbor       | -       | TBD8  | document]] |
+-------------------------+---------+-------+------------+
| application/            | -       | TBD9  | [[this     |
| c509-ocspreq+cbor       |         |       | document]] |
+-------------------------+---------+-------+------------+
| application/            | -       | TBD10 | [[this     |
| c509-ocspresp+cbor      |         |       | document]] |
+-------------------------+---------+-------+------------+

10. References

10.1. Normative References

[I-D.ietf-cose-cbor-encoded-cert]
Mattsson, J. P., Selander, G., Raza, S., Höglund, J., Furuhed, M., and L. Liao, "CBOR Encoded X.509 Certificates (C509 Certificates)", Work in Progress, Internet-Draft, draft-ietf-cose-cbor-encoded-cert-20, , <https://datatracker.ietf.org/doc/html/draft-ietf-cose-cbor-encoded-cert-20>.
[I-D.ietf-stir-certificates-ocsp]
Peterson, J. and S. Turner, "OCSP Usage for Secure Telephone Identity Certificates", Work in Progress, Internet-Draft, draft-ietf-stir-certificates-ocsp-14, , <https://datatracker.ietf.org/doc/html/draft-ietf-stir-certificates-ocsp-14>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/rfc/rfc2119>.
[RFC5280]
Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, , <https://www.rfc-editor.org/rfc/rfc5280>.
[RFC6066]
Eastlake 3rd, D., "Transport Layer Security (TLS) Extensions: Extension Definitions", RFC 6066, DOI 10.17487/RFC6066, , <https://www.rfc-editor.org/rfc/rfc6066>.
[RFC6960]
Santesson, S., Myers, M., Ankney, R., Malpani, A., Galperin, S., and C. Adams, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", RFC 6960, DOI 10.17487/RFC6960, , <https://www.rfc-editor.org/rfc/rfc6960>.
[RFC7120]
Cotton, M., "Early IANA Allocation of Standards Track Code Points", BCP 100, RFC 7120, DOI 10.17487/RFC7120, , <https://www.rfc-editor.org/rfc/rfc7120>.
[RFC7925]
Tschofenig, H., Ed. and T. Fossati, "Transport Layer Security (TLS) / Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things", RFC 7925, DOI 10.17487/RFC7925, , <https://www.rfc-editor.org/rfc/rfc7925>.
[RFC8126]
Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, , <https://www.rfc-editor.org/rfc/rfc8126>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/rfc/rfc8174>.
[RFC8226]
Peterson, J. and S. Turner, "Secure Telephone Identity Credentials: Certificates", RFC 8226, DOI 10.17487/RFC8226, , <https://www.rfc-editor.org/rfc/rfc8226>.
[RFC8446]
Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, , <https://www.rfc-editor.org/rfc/rfc8446>.
[RFC8610]
Birkholz, H., Vigano, C., and C. Bormann, "Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, , <https://www.rfc-editor.org/rfc/rfc8610>.
[RFC8742]
Bormann, C., "Concise Binary Object Representation (CBOR) Sequences", RFC 8742, DOI 10.17487/RFC8742, , <https://www.rfc-editor.org/rfc/rfc8742>.
[RFC8949]
Bormann, C. and P. Hoffman, "Concise Binary Object Representation (CBOR)", STD 94, RFC 8949, DOI 10.17487/RFC8949, , <https://www.rfc-editor.org/rfc/rfc8949>.
[RFC9147]
Rescorla, E., Tschofenig, H., and N. Modadugu, "The Datagram Transport Layer Security (DTLS) Protocol Version 1.3", RFC 9147, DOI 10.17487/RFC9147, , <https://www.rfc-editor.org/rfc/rfc9147>.
[RFC9360]
Schaad, J., "CBOR Object Signing and Encryption (COSE): Header Parameters for Carrying and Referencing X.509 Certificates", RFC 9360, DOI 10.17487/RFC9360, , <https://www.rfc-editor.org/rfc/rfc9360>.
[RFC9682]
Bormann, C., "Updates to the Concise Data Definition Language (CDDL) Grammar", RFC 9682, DOI 10.17487/RFC9682, , <https://www.rfc-editor.org/rfc/rfc9682>.

10.2. Informative References

[CborMe]
Bormann, C., "CBOR Playground", , <https://cbor.me/>.
[POSIX]
"IEEE Standard for Information Technology--Portable Operating System Interface (POSIX(TM)) Base Specifications, Issue 7", , <https://pubs.opengroup.org/onlinepubs/9699919799/>.
[RFC7228]
Bormann, C., Ersue, M., and A. Keranen, "Terminology for Constrained-Node Networks", RFC 7228, DOI 10.17487/RFC7228, , <https://www.rfc-editor.org/rfc/rfc7228>.
[X.690]
"ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)", n.d., <https://www.itu.int/rec/T-REC-X.690>.

Appendix A. Examples

A.1. Overview

Table 12: Size comparison in examples (TODO: update the percent data)
Section Description size(C509) size(X509) Size Reduction
Appendix A.3.1 CRL Example Without Revoked Certificates 147 120 18%
Appendix A.3.2 CRL Example With Revoked Certificates 335 177 47%
Appendix A.3.3 Delta CRL Example With Revoked Certificates 335 160 52%
Appendix A.3.4 Indirect CRL Example With Revoked Certificates 409 202 51%
Appendix A.4.1 Simple OCSP Request Example 152 51 66%
Appendix A.4.2 Unsigned OCSP Request Example 483 132 73%
Appendix A.4.3 Signed OCSP Request Example Without Requestor's Certificate 592 209 65%
Appendix A.4.4 Signed OCSP Request Example With Requestor's Certificate 1043 420 60%
Appendix A.4.5 Signed OCSP Request Example With Requestor's Certificate Chain 1379 625 55%
Appendix A.5.1 Error OCSP Response Example 5 3 40%
Appendix A.5.2 Simple OCSP Response Example 338 140 59%
Appendix A.5.3 Basic OCSP Response Example Without Responder's Certificate 845 248 71%
Appendix A.5.4 Basic OCSP Response Example With Responder's Certificate 1189 446 62%
Appendix A.5.5 Basic OCSP Response Example With Responder's Certificate Chain 1525 651 57%

A.2. Helper Keys and Certificates

A.2.1. CA Private Key and Certificate

A.2.1.1. CA Private Key
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIDP+AdMbqXudBAN3YNAwoR0i3nl4IuoSSA6Hazy2oAKc
-----END PRIVATE KEY-----
A.2.1.2. CA Certificate
A.2.1.2.1. Plain Hex
8B0241010C73746573742063726C6F6373702D726F6F7463611A677485801A6B36EC
7F6F746573742063726C6F6373702D63610C58205EF8A355A001A7C50D2349470120
8131A4BB2AB920D40BFB0EE1F6AB28FF74008801542F45E78D2CAEDF368CDF53C390
05D492450E1056211860230107542DA3A403F7D2F4E0B3D8031A73BA8A839F557F0F
5840E50465D60C02A2111EF3FC6E44F2A36008765B552351F9A3F5B2AA7C76F1F05D
259847A4F4250B2E4B0AE2099762A2596D3CC1DB2CCD180AA0A2D0E191310B0F
A.2.1.2.2. Textual Representation
Certificate
  TBSCertificate
    Certificate Type: 2
    Serial Number
      01
    Signature Algorithm: Ed25519 (12)
    Issuer : CN=test crlocsp-rootca
    Subject: CN=test crlocsp-ca
    Validity
      Not Before: 2025-01-01T00:00:00Z
      Not After : 2026-12-31T23:59:59Z
    Subject Public Key Info:
      algorithm: Ed25519 (12)
      Raw public key
        5e:f8:a3:55:a0:01:a7:c5:0d:23:49:47:01:20:81:31:
        a4:bb:2a:b9:20:d4:0b:fb:0e:e1:f6:ab:28:ff:74:00
    Extensions
      SubjectKeyIdentifier (1)
        2f:45:e7:8d:2c:ae:df:36:8c:df:53:c3:90:05:d4:92:
        45:0e:10:56
      KeyUsage (2), critical
        0x60: [keyCertSign, cRLSign]
      BasicConstraints (4), critical
        CA: true, pathLenConstraint: 1
      AuthorityKeyIdentifier (7)
        Key Identifier
          2d:a3:a4:03:f7:d2:f4:e0:b3:d8:03:1a:73:ba:8a:83:
          9f:55:7f:0f
  Signature Value
    e5:04:65:d6:0c:02:a2:11:1e:f3:fc:6e:44:f2:a3:60:
    08:76:5b:55:23:51:f9:a3:f5:b2:aa:7c:76:f1:f0:5d:
    25:98:47:a4:f4:25:0b:2e:4b:0a:e2:09:97:62:a2:59:
    6d:3c:c1:db:2c:cd:18:0a:a0:a2:d0:e1:91:31:0b:0f

A.2.2. CRL Signer Private Key and Certificate

A.2.2.1. CRL Signer Private Key
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIOJ3HnsrBJ5g5Pb5oy7qlvijr3Wfx3ywAUvnmRV4354s
-----END PRIVATE KEY-----
A.2.2.2. CRL Signer Certificate
A.2.2.2.1. Plain Hex
8B024212340C6F746573742063726C6F6373702D63611A6775D7001A69570A806A63
726C2D7369676E65720C5820C9BA1EC496DACB97AED087ADE390F398FBD477871EE9
203817EC0E31902789FF86015409E433582556550A27DB4A19BCE2D660884722B621
184007542F45E78D2CAEDF368CDF53C39005D492450E10565840D46E6A8F9FD53417
F36DFE56CBB8CACE0FC3E59ACBE72CD9916B3E4C5022D06D16CC9BF9AC54394037C9
5433644194FAE18FF783381959584A21BDC0E1C6CB0B
A.2.2.2.2. Textual Representation
Certificate
  TBSCertificate
    Certificate Type: 2
    Serial Number
      12:34
    Signature Algorithm: Ed25519 (12)
    Issuer : CN=test crlocsp-ca
    Subject: CN=crl-signer
    Validity
      Not Before: 2025-01-02T00:00:00Z
      Not After : 2026-01-02T00:00:00Z
    Subject Public Key Info:
      algorithm: Ed25519 (12)
      Raw public key
        c9:ba:1e:c4:96:da:cb:97:ae:d0:87:ad:e3:90:f3:98:
        fb:d4:77:87:1e:e9:20:38:17:ec:0e:31:90:27:89:ff
    Extensions
      SubjectKeyIdentifier (1)
        09:e4:33:58:25:56:55:0a:27:db:4a:19:bc:e2:d6:60:
        88:47:22:b6
      KeyUsage (2), critical
        0x40: [cRLSign]
      AuthorityKeyIdentifier (7)
        Key Identifier
          2f:45:e7:8d:2c:ae:df:36:8c:df:53:c3:90:05:d4:92:
          45:0e:10:56
  Signature Value
    d4:6e:6a:8f:9f:d5:34:17:f3:6d:fe:56:cb:b8:ca:ce:
    0f:c3:e5:9a:cb:e7:2c:d9:91:6b:3e:4c:50:22:d0:6d:
    16:cc:9b:f9:ac:54:39:40:37:c9:54:33:64:41:94:fa:
    e1:8f:f7:83:38:19:59:58:4a:21:bd:c0:e1:c6:cb:0b

A.2.3. OCSP Requestor Private Key and Certificate

A.2.3.1. OCSP Requestor Private Key
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIDoXZF67Rh+ENmXzefN4vLk/o2fK5q/otI2G1xQYtThH
-----END PRIVATE KEY-----
A.2.3.2. OCSP Requestor Certificate
A.2.3.2.1. Plain Hex
8B024212360C6F746573742063726C6F6373702D63611A6775D7001A69570A806E6F
6373702D726571756573746F720C582004530B1764EDD4B4E33AB44AF0F838961C00
7176D74B6A3546ECB7FD57320DD3860154DD51BDB2A2C791C062D4027856DBACF526
07F0BE210107542F45E78D2CAEDF368CDF53C39005D492450E10565840F8C6183ECF
8C3EFD50DD4942D172814C46EC0FC01DD586A597178DF864A0D9DA86B7CA17FC9F77
2FF04C80E98B60D5B4B62408A277A5B70D0D2A3F5ED5442D07
A.2.3.2.2. Textual Representation
Certificate
  TBSCertificate
    Certificate Type: 2
    Serial Number
      12:36
    Signature Algorithm: Ed25519 (12)
    Issuer : CN=test crlocsp-ca
    Subject: CN=ocsp-requestor
    Validity
      Not Before: 2025-01-02T00:00:00Z
      Not After : 2026-01-02T00:00:00Z
    Subject Public Key Info:
      algorithm: Ed25519 (12)
      Raw public key
        04:53:0b:17:64:ed:d4:b4:e3:3a:b4:4a:f0:f8:38:96:
        1c:00:71:76:d7:4b:6a:35:46:ec:b7:fd:57:32:0d:d3
    Extensions
      SubjectKeyIdentifier (1)
        dd:51:bd:b2:a2:c7:91:c0:62:d4:02:78:56:db:ac:f5:
        26:07:f0:be
      KeyUsage (2), critical
        0x1: [digitalSignature]
      AuthorityKeyIdentifier (7)
        Key Identifier
          2f:45:e7:8d:2c:ae:df:36:8c:df:53:c3:90:05:d4:92:
          45:0e:10:56
  Signature Value
    f8:c6:18:3e:cf:8c:3e:fd:50:dd:49:42:d1:72:81:4c:
    46:ec:0f:c0:1d:d5:86:a5:97:17:8d:f8:64:a0:d9:da:
    86:b7:ca:17:fc:9f:77:2f:f0:4c:80:e9:8b:60:d5:b4:
    b6:24:08:a2:77:a5:b7:0d:0d:2a:3f:5e:d5:44:2d:07

A.2.4. OCSP Responder Private Key and Certificate

A.2.4.1. OCSP Responder Private Key
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEII5swSxWTjlZinUj+5kie//qjgBbzupdc0lmaHF9NkXl
-----END PRIVATE KEY-----
A.2.4.2. OCSP Responder Certificate
A.2.4.2.1. Plain Hex
8B024212350C6F746573742063726C6F6373702D63611A6775D7001A69570A806E6F
6373702D726573706F6E6465720C582081947BBC248AAC79738211A8D75BF92CB777
D994073DF23AE06380EF2C573976880154B5B4CAF35401D06151DF9629DB579DC8CC
A453A8210107542F45E78D2CAEDF368CDF53C39005D492450E105627095840A01B0C
BF3E34A4762D05404FD08A7AEC103035358314686D72B6159078C76E1D88597F3753
1886A3F52F256FD722192B289D6844014467F1F17F05ACBB7B660A
A.2.4.2.2. Textual Representation
Certificate
  TBSCertificate
    Certificate Type: 2
    Serial Number
      12:35
    Signature Algorithm: Ed25519 (12)
    Issuer : CN=test crlocsp-ca
    Subject: CN=ocsp-responder
    Validity
      Not Before: 2025-01-02T00:00:00Z
      Not After : 2026-01-02T00:00:00Z
    Subject Public Key Info:
      algorithm: Ed25519 (12)
      Raw public key
        81:94:7b:bc:24:8a:ac:79:73:82:11:a8:d7:5b:f9:2c:
        b7:77:d9:94:07:3d:f2:3a:e0:63:80:ef:2c:57:39:76
    Extensions
      SubjectKeyIdentifier (1)
        b5:b4:ca:f3:54:01:d0:61:51:df:96:29:db:57:9d:c8:
        cc:a4:53:a8
      KeyUsage (2), critical
        0x1: [digitalSignature]
      AuthorityKeyIdentifier (7)
        Key Identifier
          2f:45:e7:8d:2c:ae:df:36:8c:df:53:c3:90:05:d4:92:
          45:0e:10:56
      ExtendedKeyUsage (8), critical
        OCSPSigning (9)
  Signature Value
    a0:1b:0c:bf:3e:34:a4:76:2d:05:40:4f:d0:8a:7a:ec:
    10:30:35:35:83:14:68:6d:72:b6:15:90:78:c7:6e:1d:
    88:59:7f:37:53:18:86:a3:f5:2f:25:6f:d7:22:19:2b:
    28:9d:68:44:01:44:67:f1:f1:7f:05:ac:bb:7b:66:0a

A.3. CRL Examples

A.3.1. CRL Example Without Revoked Certificates

  • Size reduction: 18%

  • Verifiable with certificate in Appendix A.2.1.2

  • Direct CRL

  • Full CRL

  • No revoked certificates

  • Note that the X.509 CRL and the C509 CRL are not convertible.

A.3.1.1. X.509 CRL

PEM content (147 bytes):

-----BEGIN X509 CRL-----
MIGQMEQCAQEwBQYDK2VwMBoxGDAWBgNVBAMMD3Rlc3QgY3Jsb2NzcC1jYRcNMjUw
MTAyMDAwMDAwWhcNMjUwMTA5MDAwMDAwWjAFBgMrZXADQQBeSb215S+/7HT9HjQN
zeuuETZAjRIwCLxCIZatpkiov3ndsI7fjXcabny/kx9d5Ce39o3RcDG3QiDDdWOi
R5UK
-----END X509 CRL-----
A.3.1.2. C509 CRL

Plain Hex (120 bytes):

8B000C6F746573742063726C6F6373702D6361542F45E78D2CAEDF368CDF53C39005
D492450E1056011A6775D7001A00093A80F680F6584013834F4E38AA9F0DC5B8D21C
8650C776A6D961C31C894C36A71A6433F5ED7D30E67F787F13C7E4C349B2848A181F
DBBCE361A14C220021C4A267367AD5F1D90D

Textual Representation

C509CRL
  TBSCertList
    CRL Type: C509CRL (0)
    Signature Algorithm: Ed25519 (12)
    Authority Subject: CN=test crlocsp-ca
    Authority Key Identifier:
      2F:45:E7:8D:2C:AE:DF:36:8C:DF:53:C3:90:05:D4:92:
      45:0E:10:56
    CRL Number: 1
    This Update: 2025-01-02T00:00:00Z
    Next Update: 2025-01-09T00:00:00Z
    Base CRL Number: <null>
    Extensions: <empty>
  revokedCertsList: <null>
  Signature Value
    13:83:4f:4e:38:aa:9f:0d:c5:b8:d2:1c:86:50:c7:76:
    a6:d9:61:c3:1c:89:4c:36:a7:1a:64:33:f5:ed:7d:30:
    e6:7f:78:7f:13:c7:e4:c3:49:b2:84:8a:18:1f:db:bc:
    e3:61:a1:4c:22:00:21:c4:a2:67:36:7a:d5:f1:d9:0d

Annotated hex

  0: 8B             # C509CRL=array[11]
  1:   00             # [0]. crlType=0
  2:   0C             # [1]. signatureAlgorithm=Ed25519 (12)
  3:   6F             # [2]. authoritySubject=char[15]
  4:     746573742063726C6F6373702D6361 # "test crlocsp-ca"
 19:   54             # [3]. authorityKeyIdentifier=byte[20]
 20:     2F45E78D2CAEDF368CDF53C39005D492450E1056
 40:   01             # [4]. crlNumber=1
 41:   1A 6775D700    # [5]. thisUpdate=1735776000:
                      #      2025-01-02T00:00:00Z
 46:   1A 00093A80    # [6]. nextUpdate=604800: 2025-01-09T00:00:00Z
 51:   F6             # [7]. baseCrlNumber=<null>
 52:   80             # [8]. crlExtensions=array[0]
 53:   F6             # [9]. revokedCertsList: <null>
 54:   58 40          # [10]. signature value=byte[64]
 56:     13834F4E38AA9F0DC5B8D21C8650C776A6D961C31C894C36A71A6433F5
 85:     ED7D30E67F787F13C7E4C349B2848A181FDBBCE361A14C220021C4A267
114:     367AD5F1D90D

A.3.2. CRL Example With Revoked Certificates

  • Size reduction: 47%

  • Verifiable with certificate in Appendix A.2.1.2

  • Direct CRL

  • Full CRL

  • With revoked certificates

  • With Per-Issuer Extension ExpiredCertsOnCRL

  • Note that the X.509 CRL and the C509 CRL are not convertible.

A.3.2.1. X.509 CRL

PEM content (335 bytes):

-----BEGIN X509 CRL-----
MIIBSzCB/gIBATAFBgMrZXAwGjEYMBYGA1UEAwwPdGVzdCBjcmxvY3NwLWNhFw0y
NTAxMDcwMDEyMzRaFw0yNTAxMTQwMDEyMzRaMIG3MCECAhEiFw0yNTAxMDYwMDEy
MzRaMAwwCgYDVR0VBAMKAQYwIQICEjQXDTI1MDEwMTAwMTIzNFowDDAKBgNVHRUE
AwoBATAhAgIzRBcNMjUwMTA0MDAxMjM0WjAMMAoGA1UdFQQDCgEGMCECAlVmFw0y
NTAxMDIwMDEyMzRaMAwwCgYDVR0VBAMKAQYwEwICVngXDTI1MDEwNTAwMTIzNFow
FAIDAJq8Fw0yNTAxMDMwMDEyMzRaMAUGAytlcANBAAK0jdEbZtlvJDmhKAJQTklZ
WqS7xaN9gHvLC/8lvmqsSdY8T/1YbdkVGCyKsWuDSBGVFtrM2DrBzSDarRKctwY=
-----END X509 CRL-----
A.3.2.2. C509 CRL

Plain Hex (177 bytes):

8B000C6F746573742063726C6F6373702D6361542F45E78D2CAEDF368CDF53C39005
D492450E1056021A677C71721A00093A80F68085F6840302031A677488728218571A
677485805824112206978006123400000001334403F4800655660151800656780546
00009ABC02A30000F6584070BB7A38065FBCABFE615170F05A9A9FE83DC892D5F735
812B2A053AF4B300EB466BABB4F1A387CDCE90D8302C680B77AA61566423D7C235F7
BD31344CF7F405

Textual Representation

C509CRL
  TBSCertList
    CRL Type: C509CRL (0)
    Signature Algorithm: Ed25519 (12)
    Authority Subject: CN=test crlocsp-ca
    Authority Key Identifier:
      2F:45:E7:8D:2C:AE:DF:36:8C:DF:53:C3:90:05:D4:92:
      45:0E:10:56
    CRL Number: 2
    This Update: 2025-01-07T00:12:34Z
    Next Update: 2025-01-14T00:12:34Z
    Base CRL Number: <null>
    Extensions: <empty>
  revokedCertsList:
    PerIssuerRevokedCerts[0]
      Issuer: <null>
      RevokedCertsControl
        Flags: sorted, with reason (0x3)
        Serial number length: 2
        Date length: 3
        Base date: 2025-01-01T00:12:34Z
      Extensions
        ExpiredCertsOnCRL (87)
          2025-01-01T00:00:00Z
      RevokedCerts:
        0x1122, 2025-01-06T00:12:34Z, certificateHold
        0x1234, 2025-01-01T00:12:34Z, keyCompromise
        0x3344, 2025-01-04T00:12:34Z, certificateHold
        0x5566, 2025-01-02T00:12:34Z, certificateHold
        0x5678, 2025-01-05T00:12:34Z, unspecified
        0x9ABC, 2025-01-03T00:12:34Z, unspecified
      RemovedFromCRLCerts: <null>
  Signature Value
    70:bb:7a:38:06:5f:bc:ab:fe:61:51:70:f0:5a:9a:9f:
    e8:3d:c8:92:d5:f7:35:81:2b:2a:05:3a:f4:b3:00:eb:
    46:6b:ab:b4:f1:a3:87:cd:ce:90:d8:30:2c:68:0b:77:
    aa:61:56:64:23:d7:c2:35:f7:bd:31:34:4c:f7:f4:05

Annotated hex

  0: 8B             # C509CRL=array[11]
  1:   00             # [0]. crlType=0
  2:   0C             # [1]. signatureAlgorithm=Ed25519 (12)
  3:   6F             # [2]. authoritySubject=char[15]
  4:     746573742063726C6F6373702D6361 # "test crlocsp-ca"
 19:   54             # [3]. authorityKeyIdentifier=byte[20]
 20:     2F45E78D2CAEDF368CDF53C39005D492450E1056
 40:   02             # [4]. crlNumber=2
 41:   1A 677C7172    # [5]. thisUpdate=1736208754:
                      #      2025-01-07T00:12:34Z
 46:   1A 00093A80    # [6]. nextUpdate=604800: 2025-01-14T00:12:34Z
 51:   F6             # [7]. baseCrlNumber=<null>
 52:   80             # [8]. crlExtensions=array[0]
 53:   85             # [9]. revokedCertsList=array[5]
                        #---PerIssuedRevokedCerts[0]---
 54:     F6             # [0]. issuer=<null>
 55:     84             # [1]. revokedCertsControl=array[4]
 56:       03             # [0]. flags: sorted, with reason (0x3)
 57:       02             # [1]. serialNumberLength=2
 58:       03             # [2]. dateLength=3
 59:       1A 67748872    # [3]. baseDate=1735690354:
                          #      2025-01-01T00:12:34Z
 64:     82             # [2]. extensions=array[2]
                          #---extension[0]---
 65:       18 57          # [0]. type=ExpiredCertsOnCRL (87)
 67:       1A 67748580    # [1]. value=1735689600:
                          #      2025-01-01T00:00:00Z
 72:     58 24          # [3]. revokedCerts=byte[36], 6 entries
                          #---entries[0]---
 74:       1122           # CSN=1122
 76:       069780         # date=069780: 2025-01-06T00:12:34Z
 79:       06             # reason=6: certificateHold
                          #---entries[1]---
 80:       1234           # CSN=1234
 82:       000000         # date=000000: 2025-01-01T00:12:34Z
 85:       01             # reason=1: keyCompromise
                          #---entries[2]---
 86:       3344           # CSN=3344
 88:       03F480         # date=03F480: 2025-01-04T00:12:34Z
 91:       06             # reason=6: certificateHold
                          #---entries[3]---
 92:       5566           # CSN=5566
 94:       015180         # date=015180: 2025-01-02T00:12:34Z
 97:       06             # reason=6: certificateHold
                          #---entries[4]---
 98:       5678           # CSN=5678
100:       054600         # date=054600: 2025-01-05T00:12:34Z
103:       00             # reason=0: unspecified
                          #---entries[5]---
104:       9ABC           # CSN=9ABC
106:       02A300         # date=02A300: 2025-01-03T00:12:34Z
109:       00             # reason=0: unspecified
110:     F6             # [4]. removedFromCRLCerts=<null>
111:   58 40          # [10]. signature value=byte[64]
113:     70BB7A38065FBCABFE615170F05A9A9FE83DC892D5F735812B2A053AF4
142:     B300EB466BABB4F1A387CDCE90D8302C680B77AA61566423D7C235F7BD
171:     31344CF7F405

A.3.3. Delta CRL Example With Revoked Certificates

  • Size reduction: 52%

  • Verifiable with certificate in Appendix A.2.1.2

  • Direct CRL

  • Delta CRL

  • With revoked certificates

  • With entries removed from CRL since last full CRL

  • Note that the X.509 CRL and the C509 CRL are not convertible.

A.3.3.1. X.509 CRL

PEM content (335 bytes):

-----BEGIN X509 CRL-----
MIIBSzCB/gIBATAFBgMrZXAwGjEYMBYGA1UEAwwPdGVzdCBjcmxvY3NwLWNhFw0y
NTAxMDgwMDEyMzRaFw0yNTAxMTAwMDEyMzRaMIG3MCECAjQSFw0yNTAxMDcxMjEy
MzRaMAwwCgYDVR0VBAMKAQEwEwICeFYXDTI1MDEwODAwMTAzNFowFAIDALyaFw0y
NTAxMDgwMDA4MzRaMCECAhEiFw0yNTAxMDcxMzEyMzRaMAwwCgYDVR0VBAMKAQgw
IQICM0QXDTI1MDEwNzE0MTIzNFowDDAKBgNVHRUEAwoBCDAhAgJVZhcNMjUwMTA3
MTUxMjM0WjAMMAoGA1UdFQQDCgEIMAUGAytlcANBAKxSjqeefzjGdniA3bQCg3rL
d7rrJnfh8GfsWdawC9BHjK1G336hRYaxwLOtyQS4Mn80jjSwrN+bXg10spSA4gA=
-----END X509 CRL-----
A.3.3.2. C509 CRL

Plain Hex (160 bytes):

8B000C6F746573742063726C6F6373702D6361542F45E78D2CAEDF368CDF53C39005
D492450E1056031A677DC2F21A0002A300028085F6840302021A677D1A32804F3412
0000017856A84800BC9AA7D0004C11220E1033441C2055662A305840369C3E6412E9
D0537CD39EA1DA40C68C32B4EC0E5678650D6AF73677A5A0CF37F1CDE75D663DE374
9101F4354CCD6D8D05773887650046932B583C5365D7EB0B

Textual Representation

C509CRL
  TBSCertList
    CRL Type: C509CRL (0)
    Signature Algorithm: Ed25519 (12)
    Authority Subject: CN=test crlocsp-ca
    Authority Key Identifier:
      2F:45:E7:8D:2C:AE:DF:36:8C:DF:53:C3:90:05:D4:92:
      45:0E:10:56
    CRL Number: 3
    This Update: 2025-01-08T00:12:34Z
    Next Update: 2025-01-10T00:12:34Z
    Base CRL Number: 2
    Extensions: <empty>
  revokedCertsList:
    PerIssuerRevokedCerts[0]
      Issuer: <null>
      RevokedCertsControl
        Flags: sorted, with reason (0x3)
        Serial number length: 2
        Date length: 2
        Base date: 2025-01-07T12:12:34Z
      Extensions: <empty>
      RevokedCerts:
        0x3412, 2025-01-07T12:12:34Z, keyCompromise
        0x7856, 2025-01-08T00:10:34Z, unspecified
        0xBC9A, 2025-01-08T00:08:34Z, unspecified
      RemovedFromCRLCerts:
        0x1122, 2025-01-07T13:12:34Z
        0x3344, 2025-01-07T14:12:34Z
        0x5566, 2025-01-07T15:12:34Z
  Signature Value
    36:9c:3e:64:12:e9:d0:53:7c:d3:9e:a1:da:40:c6:8c:
    32:b4:ec:0e:56:78:65:0d:6a:f7:36:77:a5:a0:cf:37:
    f1:cd:e7:5d:66:3d:e3:74:91:01:f4:35:4c:cd:6d:8d:
    05:77:38:87:65:00:46:93:2b:58:3c:53:65:d7:eb:0b

Annotated hex

  0: 8B             # C509CRL=array[11]
  1:   00             # [0]. crlType=0
  2:   0C             # [1]. signatureAlgorithm=Ed25519 (12)
  3:   6F             # [2]. authoritySubject=char[15]
  4:     746573742063726C6F6373702D6361 # "test crlocsp-ca"
 19:   54             # [3]. authorityKeyIdentifier=byte[20]
 20:     2F45E78D2CAEDF368CDF53C39005D492450E1056
 40:   03             # [4]. crlNumber=3
 41:   1A 677DC2F2    # [5]. thisUpdate=1736295154:
                      #      2025-01-08T00:12:34Z
 46:   1A 0002A300    # [6]. nextUpdate=172800: 2025-01-10T00:12:34Z
 51:   02             # [7]. baseCrlNumber=2
 52:   80             # [8]. crlExtensions=array[0]
 53:   85             # [9]. revokedCertsList=array[5]
                        #---PerIssuedRevokedCerts[0]---
 54:     F6             # [0]. issuer=<null>
 55:     84             # [1]. revokedCertsControl=array[4]
 56:       03             # [0]. flags: sorted, with reason (0x3)
 57:       02             # [1]. serialNumberLength=2
 58:       02             # [2]. dateLength=2
 59:       1A 677D1A32    # [3]. baseDate=1736251954:
                          #      2025-01-07T12:12:34Z
 64:     80             # [2]. extensions=array[0]
 65:     4F             # [3]. revokedCerts=byte[15], 3 entries
                          #---entries[0]---
 66:       3412           # CSN=3412
 68:       0000           # date=0000: 2025-01-07T12:12:34Z
 70:       01             # reason=1: keyCompromise
                          #---entries[1]---
 71:       7856           # CSN=7856
 73:       A848           # date=A848: 2025-01-08T00:10:34Z
 75:       00             # reason=0: unspecified
                          #---entries[2]---
 76:       BC9A           # CSN=BC9A
 78:       A7D0           # date=A7D0: 2025-01-08T00:08:34Z
 80:       00             # reason=0: unspecified
 81:     4C             # [4]. removedFromCRLCerts=byte[12], 3
                        #      entries
                          #---entries[0]---
 82:       1122           # CSN=1122
 84:       0E10           # date=0E10: 2025-01-07T13:12:34Z
                          #---entries[1]---
 86:       3344           # CSN=3344
 88:       1C20           # date=1C20: 2025-01-07T14:12:34Z
                          #---entries[2]---
 90:       5566           # CSN=5566
 92:       2A30           # date=2A30: 2025-01-07T15:12:34Z
 94:   58 40          # [10]. signature value=byte[64]
 96:     369C3E6412E9D0537CD39EA1DA40C68C32B4EC0E5678650D6AF73677A5
125:     A0CF37F1CDE75D663DE3749101F4354CCD6D8D05773887650046932B58
154:     3C5365D7EB0B

A.3.4. Indirect CRL Example With Revoked Certificates

  • Size reduction: 51%

  • Verifiable with certificate in Appendix A.2.2.2

  • Indirect CRL

  • Full CRL

  • With revoked certificates

  • With two issuers

  • Note that the X.509 CRL and the C509 CRL are not convertible.

A.3.4.1. X.509 CRL

PEM content (409 bytes):

-----BEGIN X509 CRL-----
MIIBlTCCAUcCAQEwBQYDK2VwMBUxEzARBgNVBAMMCmNybC1zaWduZXIXDTI1MDEw
NzAwMTIzNFoXDTI1MDExNDAwMTIzNFowggEEMEoCAhI0Fw0yNTAxMDEwMDEyMzRa
MDUwCgYDVR0VBAMKAQEwJwYDVR0dBCAwHqQcMBoxGDAWBgNVBAMMD3Rlc3QgY3Js
b2NzcC1jYTATAgJWeBcNMjUwMTA1MDAxMjM0WjAUAgMAmrwXDTI1MDEwMzAwMTIz
NFowRQICESIXDTI1MDEwNjAwMTIzNFowMDAKBgNVHRUEAwoBBjAiBgNVHR0EGzAZ
pBcwFTETMBEGA1UEAwwKZXhhbXBsZSBDQTAhAgIzRBcNMjUwMTA0MDAxMjM0WjAM
MAoGA1UdFQQDCgEGMCECAlVmFw0yNTAxMDIwMDEyMzRaMAwwCgYDVR0VBAMKAQYw
BQYDK2VwA0EAUMWMYunvDSqQzFV+lo5O5TZmopxPvnMBpuR0Do8kCA4P4PHGg/E8
1U6GfBu/9MvUuTOX13loPDedsjvs/uK8AQ==
-----END X509 CRL-----
A.3.4.2. C509 CRL

Plain Hex (202 bytes):

8B000C6A63726C2D7369676E65725409E433582556550A27DB4A19BCE2D660884722
B6041A677C71721A00093A80F6808A6F746573742063726C6F6373702D6361840302
031A6774887280521234000000015678054600009ABC02A30000F66A6578616D706C
65204341840302031A6775D9F28052112205460006334402A30006556600000006F6
5840F00D6270F91486A7F378D06F01A807E64E086BB366BE3A1592CE4A64BFFD621F
30E2AB93766B4F8818116AB7DA7BEDF7C3EBCBDEAC6D0455F5F5669712006205

Textual Representation

C509CRL
  TBSCertList
    CRL Type: C509CRL (0)
    Signature Algorithm: Ed25519 (12)
    Authority Subject: CN=crl-signer
    Authority Key Identifier:
      09:E4:33:58:25:56:55:0A:27:DB:4A:19:BC:E2:D6:60:
      88:47:22:B6
    CRL Number: 4
    This Update: 2025-01-07T00:12:34Z
    Next Update: 2025-01-14T00:12:34Z
    Base CRL Number: <null>
    Extensions: <empty>
  revokedCertsList:
    PerIssuerRevokedCerts[0]
      Issuer: CN=test crlocsp-ca
      RevokedCertsControl
        Flags: sorted, with reason (0x3)
        Serial number length: 2
        Date length: 3
        Base date: 2025-01-01T00:12:34Z
      Extensions: <empty>
      RevokedCerts:
        0x1234, 2025-01-01T00:12:34Z, keyCompromise
        0x5678, 2025-01-05T00:12:34Z, unspecified
        0x9ABC, 2025-01-03T00:12:34Z, unspecified
      RemovedFromCRLCerts: <null>
    PerIssuerRevokedCerts[1]
      Issuer: CN=example CA
      RevokedCertsControl
        Flags: sorted, with reason (0x3)
        Serial number length: 2
        Date length: 3
        Base date: 2025-01-02T00:12:34Z
      Extensions: <empty>
      RevokedCerts:
        0x1122, 2025-01-06T00:12:34Z, certificateHold
        0x3344, 2025-01-04T00:12:34Z, certificateHold
        0x5566, 2025-01-02T00:12:34Z, certificateHold
      RemovedFromCRLCerts: <null>
  Signature Value
    f0:0d:62:70:f9:14:86:a7:f3:78:d0:6f:01:a8:07:e6:
    4e:08:6b:b3:66:be:3a:15:92:ce:4a:64:bf:fd:62:1f:
    30:e2:ab:93:76:6b:4f:88:18:11:6a:b7:da:7b:ed:f7:
    c3:eb:cb:de:ac:6d:04:55:f5:f5:66:97:12:00:62:05

Annotated hex

  0: 8B             # C509CRL=array[11]
  1:   00             # [0]. crlType=0
  2:   0C             # [1]. signatureAlgorithm=Ed25519 (12)
  3:   6A             # [2]. authoritySubject=char[10]
  4:     63726C2D7369676E6572 # "crl-signer"
 14:   54             # [3]. authorityKeyIdentifier=byte[20]
 15:     09E433582556550A27DB4A19BCE2D660884722B6
 35:   04             # [4]. crlNumber=4
 36:   1A 677C7172    # [5]. thisUpdate=1736208754:
                      #      2025-01-07T00:12:34Z
 41:   1A 00093A80    # [6]. nextUpdate=604800: 2025-01-14T00:12:34Z
 46:   F6             # [7]. baseCrlNumber=<null>
 47:   80             # [8]. crlExtensions=array[0]
 48:   8A             # [9]. revokedCertsList=array[10]
                        #---PerIssuedRevokedCerts[0]---
 49:     6F             # [0]. issuer=char[15]
 50:       746573742063726C6F6373702D6361 # "test crlocsp-ca"
 65:     84             # [1]. revokedCertsControl=array[4]
 66:       03             # [0]. flags: sorted, with reason (0x3)
 67:       02             # [1]. serialNumberLength=2
 68:       03             # [2]. dateLength=3
 69:       1A 67748872    # [3]. baseDate=1735690354:
                          #      2025-01-01T00:12:34Z
 74:     80             # [2]. extensions=array[0]
 75:     52             # [3]. revokedCerts=byte[18], 3 entries
                          #---entries[0]---
 76:       1234           # CSN=1234
 78:       000000         # date=000000: 2025-01-01T00:12:34Z
 81:       01             # reason=1: keyCompromise
                          #---entries[1]---
 82:       5678           # CSN=5678
 84:       054600         # date=054600: 2025-01-05T00:12:34Z
 87:       00             # reason=0: unspecified
                          #---entries[2]---
 88:       9ABC           # CSN=9ABC
 90:       02A300         # date=02A300: 2025-01-03T00:12:34Z
 93:       00             # reason=0: unspecified
 94:     F6             # [4]. removedFromCRLCerts=<null>
                        #---PerIssuedRevokedCerts[1]---
 95:     6A             # [5]. issuer=char[10]
 96:       6578616D706C65204341 # "example CA"
106:     84             # [6]. revokedCertsControl=array[4]
107:       03             # [0]. flags: sorted, with reason (0x3)
108:       02             # [1]. serialNumberLength=2
109:       03             # [2]. dateLength=3
110:       1A 6775D9F2    # [3]. baseDate=1735776754:
                          #      2025-01-02T00:12:34Z
115:     80             # [7]. extensions=array[0]
116:     52             # [8]. revokedCerts=byte[18], 3 entries
                          #---entries[0]---
117:       1122           # CSN=1122
119:       054600         # date=054600: 2025-01-06T00:12:34Z
122:       06             # reason=6: certificateHold
                          #---entries[1]---
123:       3344           # CSN=3344
125:       02A300         # date=02A300: 2025-01-04T00:12:34Z
128:       06             # reason=6: certificateHold
                          #---entries[2]---
129:       5566           # CSN=5566
131:       000000         # date=000000: 2025-01-02T00:12:34Z
134:       06             # reason=6: certificateHold
135:     F6             # [9]. removedFromCRLCerts=<null>
136:   58 40          # [10]. signature value=byte[64]
138:     F00D6270F91486A7F378D06F01A807E64E086BB366BE3A1592CE4A64BF
167:     FD621F30E2AB93766B4F8818116AB7DA7BEDF7C3EBCBDEAC6D0455F5F5
196:     669712006205

A.4. OCSP Request Examples

A.4.1. Simple OCSP Request Example

  • Size reduction: 66%

  • Simple OCSP Request (C509SimpleOCSPRequest)

  • Note that the X.509 OCSP Request and the C509 OCSP Request are not convertible.

A.4.1.1. X.509 OCSP Request

PEM content (152 bytes):

-----BEGIN OCSP REQUEST-----
MIGVMIGSMG0wazBpMA0GCWCGSAFlAwQCAQUABCAyU450hb03rkVPHw0rl1XXWLkf
bo46evOXoPQAYFxv+AQgzBHIdAoFCexNoUzliG5yNkwPY7YO1jR/E8Fu5yW3ZqIC
FBI0EjQSNBI0EjQSNBI0EjQSNBI0oiEwHzAdBgkrBgEFBQcwAQIEEBERERERERER
ERERERERERE=
-----END OCSP REQUEST-----
A.4.1.2. C509 OCSP Request

Plain Hex (51 bytes):

860200501111111111111111111111111111111148A01C73A5F3B063345410652787
FA0527BC2449A1BFC5AB31AA5A6F0D8D80

Textual Representation

C509SimpleOCSPRequest
  Type: C509SimpleOCSPRequest (2)
  Hash Algorithm: SHA256 (0)
  IssuerCertHash:
    a0:1c:73:a5:f3:b0:63:34
  SerialNumberHash:
    10:65:27:87:fa:05:27:bc:24:49:a1:bf:c5:ab:31:aa:
    5a:6f:0d:8d
  Nonce
    11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11
  Extensions: <empty>

Annotated hex

 0: 86             # C509OCSPRequest=array[6]
 1:   02             # [0]. ocspRequestType=C509SimpleOCSPRequest
                     #      (2)
 2:   00             # [1]. hashAlgorithm=SHA256 (0)
 3:   50             # [2]. nonce=byte[16]
 4:     11111111111111111111111111111111
20:   48             # [3]. issuerCertHash=byte[8]
21:     A01C73A5F3B06334
29:   54             # [4]. serialNumberHash=byte[20]
30:     10652787FA0527BC2449A1BFC5AB31AA5A6F0D8D
50:   80             # [5]. extensions=array[0]

A.4.2. Unsigned OCSP Request Example

  • Size reduction: 73%

  • Unsigned OCSP Request (C509UnsignedOCSPRequest)

  • Note that the X.509 OCSP Request and the C509 OCSP Request are not convertible.

A.4.2.1. X.509 OCSP Request

PEM content (483 bytes):

-----BEGIN OCSP REQUEST-----
MIIB3zCCAdswggG0MGswaTANBglghkgBZQMEAgEFAAQgMlOOdIW9N65FTx8NK5dV
11i5H26OOnrzl6D0AGBcb/gEIMwRyHQKBQnsTaFM5YhucjZMD2O2DtY0fxPBbucl
t2aiAhQSNBI0EjQSNBI0EjQSNBI0EjQSNDBrMGkwDQYJYIZIAWUDBAIBBQAEIDJT
jnSFvTeuRU8fDSuXVddYuR9ujjp685eg9ABgXG/4BCDMEch0CgUJ7E2hTOWIbnI2
TA9jtg7WNH8TwW7nJbdmogIUNFY0VjRWNFY0VjRWNFY0VjRWNFYwazBpMA0GCWCG
SAFlAwQCAQUABCAyU450hb03rkVPHw0rl1XXWLkfbo46evOXoPQAYFxv+AQgzBHI
dAoFCexNoUzliG5yNkwPY7YO1jR/E8Fu5yW3ZqICFFZ4VnhWeFZ4VnhWeFZ4VnhW
eFZ4MGswaTANBglghkgBZQMEAgEFAAQgMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMz
MzMzMzMzMzMEIEREREREREREREREREREREREREREREREREREREREREREAhQiMyIz
IjMiMyIzIjMiMyIzIjMiM6IhMB8wHQYJKwYBBQUHMAECBBARERERERERERERERER
ERER
-----END OCSP REQUEST-----
A.4.2.2. C509 OCSP Request

Plain Hex (132 bytes):

8500005011111111111111111111111111111111808648A01C73A5F3B06334808654
10652787FA0527BC2449A1BFC5AB31AA5A6F0D8D805475D8BC4FBAFC6694467641E7
48DFD53A8B9D176D8054D1AC135D7DA29BDCF4DCA0D5281A51605B67840080482222
222222222222808254D3A0C1E3DB92E8F6810537D45CFAECF6CE417E3B80

Textual Representation

C509UnsignedOCSPRequest
  Type: C509UnsignedOCSPRequest (0)
  Hash Algorithm: SHA256 (0)
  Nonce
    11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11
  Requests
    OcspPerIssuerRequest
      issuerCertHash
        a0:1c:73:a5:f3:b0:63:34
      extensions: <empty>
      singleRequests
        SingleCertRequest
          SerialNumberHash:
            10:65:27:87:fa:05:27:bc:24:49:a1:bf:c5:ab:31:aa:
            5a:6f:0d:8d
          Extensions: <empty>
        SingleCertRequest
          SerialNumberHash:
            75:d8:bc:4f:ba:fc:66:94:46:76:41:e7:48:df:d5:3a:
            8b:9d:17:6d
          Extensions: <empty>
        SingleCertRequest
          SerialNumberHash:
            d1:ac:13:5d:7d:a2:9b:dc:f4:dc:a0:d5:28:1a:51:60:
            5b:67:84:00
          Extensions: <empty>
    OcspPerIssuerRequest
      issuerCertHash
        22:22:22:22:22:22:22:22
      extensions: <empty>
      singleRequests
        SingleCertRequest
          SerialNumberHash:
            d3:a0:c1:e3:db:92:e8:f6:81:05:37:d4:5c:fa:ec:f6:
            ce:41:7e:3b
          Extensions: <empty>
  Extensions: <empty>

Annotated hex

  0: 85             # C509OCSPRequest=array[5]
  1:   00             # [0]. ocspRequestType=C509UnsignedOCSPRequest
                      #      (0)
  2:   00             # [1]. hashAlgorithm=SHA256 (0)
  3:   50             # [2]. nonce=byte[16]
  4:     11111111111111111111111111111111
 20:   80             # [3]. extensions=array[0]
 21:   86             # [4]. requests=array[6]
                        #---PerIssuerRequests[0]---
 22:     48             # [0]. issuerCertHash=byte[8]
 23:       A01C73A5F3B06334
 31:     80             # [1]. extensions=array[0]
 32:     86             # [2]. singleRequests=array[6]
                          #---SingleCertRequests[0]---
 33:       54             # [0]. serialNumberHash=byte[20]
 34:         10652787FA0527BC2449A1BFC5AB31AA5A6F0D8D
 54:       80             # [1]. extensions=array[0]
                          #---SingleCertRequests[1]---
 55:       54             # [2]. serialNumberHash=byte[20]
 56:         75D8BC4FBAFC6694467641E748DFD53A8B9D176D
 76:       80             # [3]. extensions=array[0]
                          #---SingleCertRequests[2]---
 77:       54             # [4]. serialNumberHash=byte[20]
 78:         D1AC135D7DA29BDCF4DCA0D5281A51605B678400
 98:       80             # [5]. extensions=array[0]
                        #---PerIssuerRequests[1]---
 99:     48             # [3]. issuerCertHash=byte[8]
100:       2222222222222222
108:     80             # [4]. extensions=array[0]
109:     82             # [5]. singleRequests=array[2]
                          #---SingleCertRequests[0]---
110:       54             # [0]. serialNumberHash=byte[20]
111:         D3A0C1E3DB92E8F6810537D45CFAECF6CE417E3B
131:       80             # [1]. extensions=array[0]

A.4.3. Signed OCSP Request Example Without Requestor's Certificate

  • Size reduction: 65%

  • Verifiable with certificate in Appendix A.2.3.2

  • Signed OCSP Request (C509UnsignedOCSPRequest) without requestor's certificate

  • Note that the X.509 OCSP Request and the C509 OCSP Request are not convertible.

A.4.3.1. X.509 OCSP Request

PEM content (592 bytes):

-----BEGIN OCSP REQUEST-----
MIICTDCCAfqhHaQbMBkxFzAVBgNVBAMMDm9jc3AtcmVxdWVzdG9yMIIBtDBrMGkw
DQYJYIZIAWUDBAIBBQAEIDJTjnSFvTeuRU8fDSuXVddYuR9ujjp685eg9ABgXG/4
BCDMEch0CgUJ7E2hTOWIbnI2TA9jtg7WNH8TwW7nJbdmogIUEjQSNBI0EjQSNBI0
EjQSNBI0EjQwazBpMA0GCWCGSAFlAwQCAQUABCAyU450hb03rkVPHw0rl1XXWLkf
bo46evOXoPQAYFxv+AQgzBHIdAoFCexNoUzliG5yNkwPY7YO1jR/E8Fu5yW3ZqIC
FDRWNFY0VjRWNFY0VjRWNFY0VjRWMGswaTANBglghkgBZQMEAgEFAAQgMlOOdIW9
N65FTx8NK5dV11i5H26OOnrzl6D0AGBcb/gEIMwRyHQKBQnsTaFM5YhucjZMD2O2
DtY0fxPBbuclt2aiAhRWeFZ4VnhWeFZ4VnhWeFZ4VnhWeDBrMGkwDQYJYIZIAWUD
BAIBBQAEIDMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzBCBERERERERE
RERERERERERERERERERERERERERERERERAIUIjMiMyIzIjMiMyIzIjMiMyIzIjOi
ITAfMB0GCSsGAQUFBzABAgQQEREREREREREREREREREREaBMMEowBQYDK2VwA0EA
DVI0VPbgwwEJDSdfds+dKJ6GpFdP724NTTYL1GMvn/loUMeJAnnJ7jbxvP/R1PE5
Zyh+lISXhR4F1lvXRAHYCA==
-----END OCSP REQUEST-----
A.4.3.2. C509 OCSP Request

Plain Hex (209 bytes):

89010C0050111111111111111111111111111111114844F0528B56F35AD9808648A0
1C73A5F3B0633480865410652787FA0527BC2449A1BFC5AB31AA5A6F0D8D805475D8
BC4FBAFC6694467641E748DFD53A8B9D176D8054D1AC135D7DA29BDCF4DCA0D5281A
51605B67840080482222222222222222808254D3A0C1E3DB92E8F6810537D45CFAEC
F6CE417E3B80F658407DA70BE70D8C88F5150218B2F60A21320D26FAF8DC198F1665
4D54CB617A1C3C3F420B3F2FBF74C9B107D81D1815C2CE09B22EAF491313003C49D4
3AAB8D970B

Textual Representation

C509SignedOCSPRequest
  TBSOCSPRequest
    Type: C509SignedOCSPRequest (1)
    Signature Algorithm: Ed25519 (12)
    Hash Algorithm: SHA256 (0)
    RequestorCertHash
      44:f0:52:8b:56:f3:5a:d9
    Nonce
      11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11
    Extensions: <empty>
    Requests
      OcspPerIssuerRequest
        issuerCertHash
          a0:1c:73:a5:f3:b0:63:34
        extensions: <empty>
        singleRequests
          SingleCertRequest
            SerialNumberHash:
              10:65:27:87:fa:05:27:bc:24:49:a1:bf:c5:ab:31:aa:
              5a:6f:0d:8d
            Extensions: <empty>
          SingleCertRequest
            SerialNumberHash:
              75:d8:bc:4f:ba:fc:66:94:46:76:41:e7:48:df:d5:3a:
              8b:9d:17:6d
            Extensions: <empty>
          SingleCertRequest
            SerialNumberHash:
              d1:ac:13:5d:7d:a2:9b:dc:f4:dc:a0:d5:28:1a:51:60:
              5b:67:84:00
            Extensions: <empty>
      OcspPerIssuerRequest
        issuerCertHash
          22:22:22:22:22:22:22:22
        extensions: <empty>
        singleRequests
          SingleCertRequest
            SerialNumberHash:
              d3:a0:c1:e3:db:92:e8:f6:81:05:37:d4:5c:fa:ec:f6:
              ce:41:7e:3b
            Extensions: <empty>
    Requestor Certs: null
  Signature Value
    7d:a7:0b:e7:0d:8c:88:f5:15:02:18:b2:f6:0a:21:32:
    0d:26:fa:f8:dc:19:8f:16:65:4d:54:cb:61:7a:1c:3c:
    3f:42:0b:3f:2f:bf:74:c9:b1:07:d8:1d:18:15:c2:ce:
    09:b2:2e:af:49:13:13:00:3c:49:d4:3a:ab:8d:97:0b

Annotated hex

  0: 89             # C509OCSPRequest=array[9]
  1:   01             # [0]. ocspRequestType=C509SignedOCSPRequest
                      #      (1)
  2:   0C             # [1]. signatureAlgorithm=Ed25519 (12)
  3:   00             # [2]. hashAlgorithm=SHA256 (0)
  4:   50             # [3]. nonce=byte[16]
  5:     11111111111111111111111111111111
 21:   48             # [4]. requestorCertHash=byte[8]
 22:     44F0528B56F35AD9
 30:   80             # [5]. extensions=array[0]
 31:   86             # [6]. requests=array[6]
                        #---PerIssuerRequests[0]---
 32:     48             # [0]. issuerCertHash=byte[8]
 33:       A01C73A5F3B06334
 41:     80             # [1]. extensions=array[0]
 42:     86             # [2]. singleRequests=array[6]
                          #---SingleCertRequests[0]---
 43:       54             # [0]. serialNumberHash=byte[20]
 44:         10652787FA0527BC2449A1BFC5AB31AA5A6F0D8D
 64:       80             # [1]. extensions=array[0]
                          #---SingleCertRequests[1]---
 65:       54             # [2]. serialNumberHash=byte[20]
 66:         75D8BC4FBAFC6694467641E748DFD53A8B9D176D
 86:       80             # [3]. extensions=array[0]
                          #---SingleCertRequests[2]---
 87:       54             # [4]. serialNumberHash=byte[20]
 88:         D1AC135D7DA29BDCF4DCA0D5281A51605B678400
108:       80             # [5]. extensions=array[0]
                        #---PerIssuerRequests[1]---
109:     48             # [3]. issuerCertHash=byte[8]
110:       2222222222222222
118:     80             # [4]. extensions=array[0]
119:     82             # [5]. singleRequests=array[2]
                          #---SingleCertRequests[0]---
120:       54             # [0]. serialNumberHash=byte[20]
121:         D3A0C1E3DB92E8F6810537D45CFAECF6CE417E3B
141:       80             # [1]. extensions=array[0]
142:   F6             # [7]. requestorCerts=<null>
143:   58 40          # [8]. signatureValue=byte[64]
145:     7DA70BE70D8C88F5150218B2F60A21320D26FAF8DC198F16654D54CB61
174:     7A1C3C3F420B3F2FBF74C9B107D81D1815C2CE09B22EAF491313003C49
203:     D43AAB8D970B

A.4.4. Signed OCSP Request Example With Requestor's Certificate

  • Size reduction: 60%

  • Verifiable with certificate in Appendix A.2.3.2

  • Signed OCSP Request (C509UnsignedOCSPRequest) with embedded requestor's certificate

  • Note that the X.509 OCSP Request and the C509 OCSP Request are not convertible.

A.4.4.1. X.509 OCSP Request

PEM content (1043 bytes):

-----BEGIN OCSP REQUEST-----
MIIEDzCCAnmhHaQbMBkxFzAVBgNVBAMMDm9jc3AtcmVxdWVzdG9yMIIBtDBrMGkw
DQYJYIZIAWUDBAIBBQAEIDJTjnSFvTeuRU8fDSuXVddYuR9ujjp685eg9ABgXG/4
BCDMEch0CgUJ7E2hTOWIbnI2TA9jtg7WNH8TwW7nJbdmogIUEjQSNBI0EjQSNBI0
EjQSNBI0EjQwazBpMA0GCWCGSAFlAwQCAQUABCAyU450hb03rkVPHw0rl1XXWLkf
bo46evOXoPQAYFxv+AQgzBHIdAoFCexNoUzliG5yNkwPY7YO1jR/E8Fu5yW3ZqIC
FDRWNFY0VjRWNFY0VjRWNFY0VjRWMGswaTANBglghkgBZQMEAgEFAAQgMlOOdIW9
N65FTx8NK5dV11i5H26OOnrzl6D0AGBcb/gEIMwRyHQKBQnsTaFM5YhucjZMD2O2
DtY0fxPBbuclt2aiAhRWeFZ4VnhWeFZ4VnhWeFZ4VnhWeDBrMGkwDQYJYIZIAWUD
BAIBBQAEIDMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzBCBERERERERE
RERERERERERERERERERERERERERERERERAIUIjMiMyIzIjMiMyIzIjMiMyIzIjOi
gZ8wgZwwGgYJKwYBBQUHMAEEBA0wCwYJKwYBBQUHMAEBMF8GCSsGAQUFBzABCARS
MFAwBzAFBgMrZXAwITAKBggqhkjOPQQDAjATBgcqhkjOPQIBBggqhkjOPQMBBzAi
MAoGCCqGSM49BAMCMBQGByqGSM49AgEGCSskAwMCCAEBBzAdBgkrBgEFBQcwAQIE
EBERERERERERERERERERERGgggGOMIIBijAFBgMrZXADQQDwRoT41xL70gT6+NTW
ayTN07XdRKwHRyfduMPbJy0AsRw9TKioMQoLnts6C+6k4s+rORjaTcvZ0Aqv5fQ6
UJMFoIIBPDCCATgwggE0MIHnoAMCAQICAhI2MAUGAytlcDAaMRgwFgYDVQQDDA90
ZXN0IGNybG9jc3AtY2EwHhcNMjUwMTAyMDAwMDAwWhcNMjYwMTAyMDAwMDAwWjAZ
MRcwFQYDVQQDDA5vY3NwLXJlcXVlc3RvcjAqMAUGAytlcAMhAARTCxdk7dS04zq0
SvD4OJYcAHF210tqNUbst/1XMg3To1IwUDAdBgNVHQ4EFgQUsTbUWYobG2qG2mUQ
rqVk2BKX5PkwDgYDVR0PAQH/BAQDAgeAMB8GA1UdIwQYMBaAFNl9d+Y0wvcAMAyl
j8h3NlsVUAeiMAUGAytlcANBAJj5kiFekcWb6v8et+o+/Suqfh29AdErA3eBmFnJ
Z5A/+c/q9jFbvdahCBJJteLJhUIc0BJ0GlmWOBLI0no1fQI=
-----END OCSP REQUEST-----
A.4.4.2. C509 OCSP Request

Plain Hex (420 bytes):

89010C0050111111111111111111111111111111114844F0528B56F35AD984185D82
0001185E840CF600820118188648A01C73A5F3B0633480865410652787FA0527BC24
49A1BFC5AB31AA5A6F0D8D805475D8BC4FBAFC6694467641E748DFD53A8B9D176D80
54D1AC135D7DA29BDCF4DCA0D5281A51605B67840080482222222222222222808254
D3A0C1E3DB92E8F6810537D45CFAECF6CE417E3B8058C38B024212360C6F74657374
2063726C6F6373702D63611A6775D7001A69570A806E6F6373702D72657175657374
6F720C582004530B1764EDD4B4E33AB44AF0F838961C007176D74B6A3546ECB7FD57
320DD3860154DD51BDB2A2C791C062D4027856DBACF52607F0BE210107542F45E78D
2CAEDF368CDF53C39005D492450E10565840F8C6183ECF8C3EFD50DD4942D172814C
46EC0FC01DD586A597178DF864A0D9DA86B7CA17FC9F772FF04C80E98B60D5B4B624
08A277A5B70D0D2A3F5ED5442D075840EBF95F92812C9DF3DBC7C19699D5254485AD
DC930695239D1D68BF7988F3F1B0C76A588BF42F4FCFF373C3705AEB56FC3B6CDEAA
F66DA0F5BBB735F4A1CDB004

Textual Representation

C509SignedOCSPRequest
  TBSOCSPRequest
    Type: C509SignedOCSPRequest (1)
    Signature Algorithm: Ed25519 (12)
    Hash Algorithm: SHA256 (0)
    RequestorCertHash
      44:f0:52:8b:56:f3:5a:d9
    Nonce
      11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11
    Extensions
      AcceptOCSPResponseTypes (93)
        C509ErrorOCSPResponse (0)
        C509BasicOCSPResponse (1)
      preferredSignatureAlgorithms (94)
          Preferred Signature Algorithm:
            Signature Algorithm: Ed25519 (12)
          Preferred Signature Algorithm:
            Signature Algorithm: ecdsa-with-sha256 (0)
            Public Key Algorithms:
              EC public key on curve secp256r1 (1)
              EC public key on curve brainpoolp256r1 (24)
    Requests
      OcspPerIssuerRequest
        issuerCertHash
          a0:1c:73:a5:f3:b0:63:34
        extensions: <empty>
        singleRequests
          SingleCertRequest
            SerialNumberHash:
              10:65:27:87:fa:05:27:bc:24:49:a1:bf:c5:ab:31:aa:
              5a:6f:0d:8d
            Extensions: <empty>
          SingleCertRequest
            SerialNumberHash:
              75:d8:bc:4f:ba:fc:66:94:46:76:41:e7:48:df:d5:3a:
              8b:9d:17:6d
            Extensions: <empty>
          SingleCertRequest
            SerialNumberHash:
              d1:ac:13:5d:7d:a2:9b:dc:f4:dc:a0:d5:28:1a:51:60:
              5b:67:84:00
            Extensions: <empty>
      OcspPerIssuerRequest
        issuerCertHash
          22:22:22:22:22:22:22:22
        extensions: <empty>
        singleRequests
          SingleCertRequest
            SerialNumberHash:
              d3:a0:c1:e3:db:92:e8:f6:81:05:37:d4:5c:fa:ec:f6:
              ce:41:7e:3b
            Extensions: <empty>
    Requestor Certs
      C509Certificate
        8b:02:42:12:36:0c:6f:74:65:73:74:20:63:72:6c:6f:
        63:73:70:2d:63:61:1a:67:75:d7:00:1a:69:57:0a:80:
        6e:6f:63:73:70:2d:72:65:71:75:65:73:74:6f:72:0c:
        58:20:04:53:0b:17:64:ed:d4:b4:e3:3a:b4:4a:f0:f8:
        38:96:1c:00:71:76:d7:4b:6a:35:46:ec:b7:fd:57:32:
        0d:d3:86:01:54:dd:51:bd:b2:a2:c7:91:c0:62:d4:02:
        78:56:db:ac:f5:26:07:f0:be:21:01:07:54:2f:45:e7:
        8d:2c:ae:df:36:8c:df:53:c3:90:05:d4:92:45:0e:10:
        56:58:40:f8:c6:18:3e:cf:8c:3e:fd:50:dd:49:42:d1:
        72:81:4c:46:ec:0f:c0:1d:d5:86:a5:97:17:8d:f8:64:
        a0:d9:da:86:b7:ca:17:fc:9f:77:2f:f0:4c:80:e9:8b:
        60:d5:b4:b6:24:08:a2:77:a5:b7:0d:0d:2a:3f:5e:d5:
        44:2d:07
  Signature Value
    eb:f9:5f:92:81:2c:9d:f3:db:c7:c1:96:99:d5:25:44:
    85:ad:dc:93:06:95:23:9d:1d:68:bf:79:88:f3:f1:b0:
    c7:6a:58:8b:f4:2f:4f:cf:f3:73:c3:70:5a:eb:56:fc:
    3b:6c:de:aa:f6:6d:a0:f5:bb:b7:35:f4:a1:cd:b0:04

Annotated hex

  0: 89             # C509OCSPRequest=array[9]
  1:   01             # [0]. ocspRequestType=C509SignedOCSPRequest
                      #      (1)
  2:   0C             # [1]. signatureAlgorithm=Ed25519 (12)
  3:   00             # [2]. hashAlgorithm=SHA256 (0)
  4:   50             # [3]. nonce=byte[16]
  5:     11111111111111111111111111111111
 21:   48             # [4]. requestorCertHash=byte[8]
 22:     44F0528B56F35AD9
 30:   84             # [5]. extensions=array[4]
                        #---extension[0]---
 31:     18 5D          # [0]. type=AcceptOCSPResponseTypes (93)
 33:     82             # [1]. value=array[2]
 34:       00             # [0]. C509ErrorOCSPResponse (0)
 35:       01             # [1]. C509BasicOCSPResponse (1)
                        #---extension[1]---
 36:     18 5E          # [2]. type=preferredSignatureAlgorithms
                        #      (94)
 38:     84             # [3]. value=array[4]
                          #---preferredSignatureAlgorithms[0]---
 39:       0C             # [0]. sigIdentifier=Ed25519 (12)
 40:       F6             # [1]. pubKeyAlgIdentifiers=<null>
                          #---preferredSignatureAlgorithms[1]---
 41:       00             # [2]. sigIdentifier=ecdsa-with-sha256 (0)
 42:       82             # [3]. pubKeyAlgIdentifiers=array[2]
 43:         01             # [0]. pubKeyAlgIdentifier=EC public key
                            #      on curve secp256r1 (1)
 44:         18 18          # [1]. pubKeyAlgIdentifier=EC public key
                            #      on curve brainpoolp256r1 (24)
 46:   86             # [6]. requests=array[6]
                        #---PerIssuerRequests[0]---
 47:     48             # [0]. issuerCertHash=byte[8]
 48:       A01C73A5F3B06334
 56:     80             # [1]. extensions=array[0]
 57:     86             # [2]. singleRequests=array[6]
                          #---SingleCertRequests[0]---
 58:       54             # [0]. serialNumberHash=byte[20]
 59:         10652787FA0527BC2449A1BFC5AB31AA5A6F0D8D
 79:       80             # [1]. extensions=array[0]
                          #---SingleCertRequests[1]---
 80:       54             # [2]. serialNumberHash=byte[20]
 81:         75D8BC4FBAFC6694467641E748DFD53A8B9D176D
101:       80             # [3]. extensions=array[0]
                          #---SingleCertRequests[2]---
102:       54             # [4]. serialNumberHash=byte[20]
103:         D1AC135D7DA29BDCF4DCA0D5281A51605B678400
123:       80             # [5]. extensions=array[0]
                        #---PerIssuerRequests[1]---
124:     48             # [3]. issuerCertHash=byte[8]
125:       2222222222222222
133:     80             # [4]. extensions=array[0]
134:     82             # [5]. singleRequests=array[2]
                          #---SingleCertRequests[0]---
135:       54             # [0]. serialNumberHash=byte[20]
136:         D3A0C1E3DB92E8F6810537D45CFAECF6CE417E3B
156:       80             # [1]. extensions=array[0]
157:   58 C3          # [7]. requestorCerts(COSE_C509)=byte[195]
159:     8B024212360C6F746573742063726C6F6373702D63611A6775D7001A69
188:     570A806E6F6373702D726571756573746F720C582004530B1764EDD4B4
217:     E33AB44AF0F838961C007176D74B6A3546ECB7FD57320DD3860154DD51
246:     BDB2A2C791C062D4027856DBACF52607F0BE210107542F45E78D2CAEDF
275:     368CDF53C39005D492450E10565840F8C6183ECF8C3EFD50DD4942D172
304:     814C46EC0FC01DD586A597178DF864A0D9DA86B7CA17FC9F772FF04C80
333:     E98B60D5B4B62408A277A5B70D0D2A3F5ED5442D07
354:   58 40          # [8]. signatureValue=byte[64]
356:     EBF95F92812C9DF3DBC7C19699D5254485ADDC930695239D1D68BF7988
385:     F3F1B0C76A588BF42F4FCFF373C3705AEB56FC3B6CDEAAF66DA0F5BBB7
414:     35F4A1CDB004

A.4.5. Signed OCSP Request Example With Requestor's Certificate Chain

  • Size reduction: 55%

  • Verifiable with certificate in Appendix A.2.3.2

  • Signed OCSP Request (C509UnsignedOCSPRequest) with embedded requestor's certificate chain (2 certificates)

  • Note that the X.509 OCSP Request and the C509 OCSP Request are not convertible.

A.4.5.1. X.509 OCSP Request

PEM content (1379 bytes):

-----BEGIN OCSP REQUEST-----
MIIFXzCCAnmhHaQbMBkxFzAVBgNVBAMMDm9jc3AtcmVxdWVzdG9yMIIBtDBrMGkw
DQYJYIZIAWUDBAIBBQAEIDJTjnSFvTeuRU8fDSuXVddYuR9ujjp685eg9ABgXG/4
BCDMEch0CgUJ7E2hTOWIbnI2TA9jtg7WNH8TwW7nJbdmogIUEjQSNBI0EjQSNBI0
EjQSNBI0EjQwazBpMA0GCWCGSAFlAwQCAQUABCAyU450hb03rkVPHw0rl1XXWLkf
bo46evOXoPQAYFxv+AQgzBHIdAoFCexNoUzliG5yNkwPY7YO1jR/E8Fu5yW3ZqIC
FDRWNFY0VjRWNFY0VjRWNFY0VjRWMGswaTANBglghkgBZQMEAgEFAAQgMlOOdIW9
N65FTx8NK5dV11i5H26OOnrzl6D0AGBcb/gEIMwRyHQKBQnsTaFM5YhucjZMD2O2
DtY0fxPBbuclt2aiAhRWeFZ4VnhWeFZ4VnhWeFZ4VnhWeDBrMGkwDQYJYIZIAWUD
BAIBBQAEIDMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzBCBERERERERE
RERERERERERERERERERERERERERERERERAIUIjMiMyIzIjMiMyIzIjMiMyIzIjOi
gZ8wgZwwGgYJKwYBBQUHMAEEBA0wCwYJKwYBBQUHMAEBMF8GCSsGAQUFBzABCARS
MFAwBzAFBgMrZXAwITAKBggqhkjOPQQDAjATBgcqhkjOPQIBBggqhkjOPQMBBzAi
MAoGCCqGSM49BAMCMBQGByqGSM49AgEGCSskAwMCCAEBBzAdBgkrBgEFBQcwAQIE
EBERERERERERERERERERERGgggLeMIIC2jAFBgMrZXADQQDwRoT41xL70gT6+NTW
ayTN07XdRKwHRyfduMPbJy0AsRw9TKioMQoLnts6C+6k4s+rORjaTcvZ0Aqv5fQ6
UJMFoIICjDCCAogwggE0MIHnoAMCAQICAhI2MAUGAytlcDAaMRgwFgYDVQQDDA90
ZXN0IGNybG9jc3AtY2EwHhcNMjUwMTAyMDAwMDAwWhcNMjYwMTAyMDAwMDAwWjAZ
MRcwFQYDVQQDDA5vY3NwLXJlcXVlc3RvcjAqMAUGAytlcAMhAARTCxdk7dS04zq0
SvD4OJYcAHF210tqNUbst/1XMg3To1IwUDAdBgNVHQ4EFgQUsTbUWYobG2qG2mUQ
rqVk2BKX5PkwDgYDVR0PAQH/BAQDAgeAMB8GA1UdIwQYMBaAFNl9d+Y0wvcAMAyl
j8h3NlsVUAeiMAUGAytlcANBAJj5kiFekcWb6v8et+o+/Suqfh29AdErA3eBmFnJ
Z5A/+c/q9jFbvdahCBJJteLJhUIc0BJ0GlmWOBLI0no1fQIwggFMMIH/oAMCAQIC
AQEwBQYDK2VwMB4xHDAaBgNVBAMME3Rlc3QgY3Jsb2NzcC1yb290Y2EwHhcNMjUw
MTAxMDAwMDAwWhcNMjYxMjMxMjM1OTU5WjAaMRgwFgYDVQQDDA90ZXN0IGNybG9j
c3AtY2EwKjAFBgMrZXADIQBe+KNVoAGnxQ0jSUcBIIExpLsquSDUC/sO4farKP90
AKNmMGQwHQYDVR0OBBYEFNl9d+Y0wvcAMAylj8h3NlsVUAeiMA4GA1UdDwEB/wQE
AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMB8GA1UdIwQYMBaAFJEjnPr554Nssp9R
4TGR2xDTrhaTMAUGAytlcANBANZeAdfL+kF/sXuZ95ftaSevVi/2Po01s+On04Fg
zGRnQBBNjzkYl92rEZjz0FomGSBDYqb4PDOIIRs2vFY9QQI=
-----END OCSP REQUEST-----
A.4.5.2. C509 OCSP Request

Plain Hex (625 bytes):

89010C0050111111111111111111111111111111114844F0528B56F35AD984185D82
0001185E840CF600820118188648A01C73A5F3B0633480865410652787FA0527BC24
49A1BFC5AB31AA5A6F0D8D805475D8BC4FBAFC6694467641E748DFD53A8B9D176D80
54D1AC135D7DA29BDCF4DCA0D5281A51605B67840080482222222222222222808254
D3A0C1E3DB92E8F6810537D45CFAECF6CE417E3B808258C38B024212360C6F746573
742063726C6F6373702D63611A6775D7001A69570A806E6F6373702D726571756573
746F720C582004530B1764EDD4B4E33AB44AF0F838961C007176D74B6A3546ECB7FD
57320DD3860154DD51BDB2A2C791C062D4027856DBACF52607F0BE210107542F45E7
8D2CAEDF368CDF53C39005D492450E10565840F8C6183ECF8C3EFD50DD4942D17281
4C46EC0FC01DD586A597178DF864A0D9DA86B7CA17FC9F772FF04C80E98B60D5B4B6
2408A277A5B70D0D2A3F5ED5442D0758CA8B0241010C73746573742063726C6F6373
702D726F6F7463611A677485801A6B36EC7F6F746573742063726C6F6373702D6361
0C58205EF8A355A001A7C50D23494701208131A4BB2AB920D40BFB0EE1F6AB28FF74
008801542F45E78D2CAEDF368CDF53C39005D492450E1056211860230107542DA3A4
03F7D2F4E0B3D8031A73BA8A839F557F0F5840E50465D60C02A2111EF3FC6E44F2A3
6008765B552351F9A3F5B2AA7C76F1F05D259847A4F4250B2E4B0AE2099762A2596D
3CC1DB2CCD180AA0A2D0E191310B0F584071D39CBD6611FD5B0C3092FCE58016B966
232851AC3167CD0CDEF47DF0F0BC738616EB65BB2BA509C8CF45EDBC9B784A4A7092
5E97AE152871E9D665C477500E

Textual Representation

C509SignedOCSPRequest
  TBSOCSPRequest
    Type: C509SignedOCSPRequest (1)
    Signature Algorithm: Ed25519 (12)
    Hash Algorithm: SHA256 (0)
    RequestorCertHash
      44:f0:52:8b:56:f3:5a:d9
    Nonce
      11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11
    Extensions
      AcceptOCSPResponseTypes (93)
        C509ErrorOCSPResponse (0)
        C509BasicOCSPResponse (1)
      preferredSignatureAlgorithms (94)
          Preferred Signature Algorithm:
            Signature Algorithm: Ed25519 (12)
          Preferred Signature Algorithm:
            Signature Algorithm: ecdsa-with-sha256 (0)
            Public Key Algorithms:
              EC public key on curve secp256r1 (1)
              EC public key on curve brainpoolp256r1 (24)
    Requests
      OcspPerIssuerRequest
        issuerCertHash
          a0:1c:73:a5:f3:b0:63:34
        extensions: <empty>
        singleRequests
          SingleCertRequest
            SerialNumberHash:
              10:65:27:87:fa:05:27:bc:24:49:a1:bf:c5:ab:31:aa:
              5a:6f:0d:8d
            Extensions: <empty>
          SingleCertRequest
            SerialNumberHash:
              75:d8:bc:4f:ba:fc:66:94:46:76:41:e7:48:df:d5:3a:
              8b:9d:17:6d
            Extensions: <empty>
          SingleCertRequest
            SerialNumberHash:
              d1:ac:13:5d:7d:a2:9b:dc:f4:dc:a0:d5:28:1a:51:60:
              5b:67:84:00
            Extensions: <empty>
      OcspPerIssuerRequest
        issuerCertHash
          22:22:22:22:22:22:22:22
        extensions: <empty>
        singleRequests
          SingleCertRequest
            SerialNumberHash:
              d3:a0:c1:e3:db:92:e8:f6:81:05:37:d4:5c:fa:ec:f6:
              ce:41:7e:3b
            Extensions: <empty>
    Requestor Certs
      C509Certificate
        8b:02:42:12:36:0c:6f:74:65:73:74:20:63:72:6c:6f:
        63:73:70:2d:63:61:1a:67:75:d7:00:1a:69:57:0a:80:
        6e:6f:63:73:70:2d:72:65:71:75:65:73:74:6f:72:0c:
        58:20:04:53:0b:17:64:ed:d4:b4:e3:3a:b4:4a:f0:f8:
        38:96:1c:00:71:76:d7:4b:6a:35:46:ec:b7:fd:57:32:
        0d:d3:86:01:54:dd:51:bd:b2:a2:c7:91:c0:62:d4:02:
        78:56:db:ac:f5:26:07:f0:be:21:01:07:54:2f:45:e7:
        8d:2c:ae:df:36:8c:df:53:c3:90:05:d4:92:45:0e:10:
        56:58:40:f8:c6:18:3e:cf:8c:3e:fd:50:dd:49:42:d1:
        72:81:4c:46:ec:0f:c0:1d:d5:86:a5:97:17:8d:f8:64:
        a0:d9:da:86:b7:ca:17:fc:9f:77:2f:f0:4c:80:e9:8b:
        60:d5:b4:b6:24:08:a2:77:a5:b7:0d:0d:2a:3f:5e:d5:
        44:2d:07
      C509Certificate
        8b:02:41:01:0c:73:74:65:73:74:20:63:72:6c:6f:63:
        73:70:2d:72:6f:6f:74:63:61:1a:67:74:85:80:1a:6b:
        36:ec:7f:6f:74:65:73:74:20:63:72:6c:6f:63:73:70:
        2d:63:61:0c:58:20:5e:f8:a3:55:a0:01:a7:c5:0d:23:
        49:47:01:20:81:31:a4:bb:2a:b9:20:d4:0b:fb:0e:e1:
        f6:ab:28:ff:74:00:88:01:54:2f:45:e7:8d:2c:ae:df:
        36:8c:df:53:c3:90:05:d4:92:45:0e:10:56:21:18:60:
        23:01:07:54:2d:a3:a4:03:f7:d2:f4:e0:b3:d8:03:1a:
        73:ba:8a:83:9f:55:7f:0f:58:40:e5:04:65:d6:0c:02:
        a2:11:1e:f3:fc:6e:44:f2:a3:60:08:76:5b:55:23:51:
        f9:a3:f5:b2:aa:7c:76:f1:f0:5d:25:98:47:a4:f4:25:
        0b:2e:4b:0a:e2:09:97:62:a2:59:6d:3c:c1:db:2c:cd:
        18:0a:a0:a2:d0:e1:91:31:0b:0f
  Signature Value
    71:d3:9c:bd:66:11:fd:5b:0c:30:92:fc:e5:80:16:b9:
    66:23:28:51:ac:31:67:cd:0c:de:f4:7d:f0:f0:bc:73:
    86:16:eb:65:bb:2b:a5:09:c8:cf:45:ed:bc:9b:78:4a:
    4a:70:92:5e:97:ae:15:28:71:e9:d6:65:c4:77:50:0e

Annotated hex

  0: 89             # C509OCSPRequest=array[9]
  1:   01             # [0]. ocspRequestType=C509SignedOCSPRequest
                      #      (1)
  2:   0C             # [1]. signatureAlgorithm=Ed25519 (12)
  3:   00             # [2]. hashAlgorithm=SHA256 (0)
  4:   50             # [3]. nonce=byte[16]
  5:     11111111111111111111111111111111
 21:   48             # [4]. requestorCertHash=byte[8]
 22:     44F0528B56F35AD9
 30:   84             # [5]. extensions=array[4]
                        #---extension[0]---
 31:     18 5D          # [0]. type=AcceptOCSPResponseTypes (93)
 33:     82             # [1]. value=array[2]
 34:       00             # [0]. C509ErrorOCSPResponse (0)
 35:       01             # [1]. C509BasicOCSPResponse (1)
                        #---extension[1]---
 36:     18 5E          # [2]. type=preferredSignatureAlgorithms
                        #      (94)
 38:     84             # [3]. value=array[4]
                          #---preferredSignatureAlgorithms[0]---
 39:       0C             # [0]. sigIdentifier=Ed25519 (12)
 40:       F6             # [1]. pubKeyAlgIdentifiers=<null>
                          #---preferredSignatureAlgorithms[1]---
 41:       00             # [2]. sigIdentifier=ecdsa-with-sha256 (0)
 42:       82             # [3]. pubKeyAlgIdentifiers=array[2]
 43:         01             # [0]. pubKeyAlgIdentifier=EC public key
                            #      on curve secp256r1 (1)
 44:         18 18          # [1]. pubKeyAlgIdentifier=EC public key
                            #      on curve brainpoolp256r1 (24)
 46:   86             # [6]. requests=array[6]
                        #---PerIssuerRequests[0]---
 47:     48             # [0]. issuerCertHash=byte[8]
 48:       A01C73A5F3B06334
 56:     80             # [1]. extensions=array[0]
 57:     86             # [2]. singleRequests=array[6]
                          #---SingleCertRequests[0]---
 58:       54             # [0]. serialNumberHash=byte[20]
 59:         10652787FA0527BC2449A1BFC5AB31AA5A6F0D8D
 79:       80             # [1]. extensions=array[0]
                          #---SingleCertRequests[1]---
 80:       54             # [2]. serialNumberHash=byte[20]
 81:         75D8BC4FBAFC6694467641E748DFD53A8B9D176D
101:       80             # [3]. extensions=array[0]
                          #---SingleCertRequests[2]---
102:       54             # [4]. serialNumberHash=byte[20]
103:         D1AC135D7DA29BDCF4DCA0D5281A51605B678400
123:       80             # [5]. extensions=array[0]
                        #---PerIssuerRequests[1]---
124:     48             # [3]. issuerCertHash=byte[8]
125:       2222222222222222
133:     80             # [4]. extensions=array[0]
134:     82             # [5]. singleRequests=array[2]
                          #---SingleCertRequests[0]---
135:       54             # [0]. serialNumberHash=byte[20]
136:         D3A0C1E3DB92E8F6810537D45CFAECF6CE417E3B
156:       80             # [1]. extensions=array[0]
157:   82             # [7]. requestorCerts(COSE_C509)=array[2]
158:     58 C3          # [0]. C509CertData=byte[195]
160:       8B024212360C6F746573742063726C6F6373702D63611A6775D7001A
188:       69570A806E6F6373702D726571756573746F720C582004530B1764ED
216:       D4B4E33AB44AF0F838961C007176D74B6A3546ECB7FD57320DD38601
244:       54DD51BDB2A2C791C062D4027856DBACF52607F0BE210107542F45E7
272:       8D2CAEDF368CDF53C39005D492450E10565840F8C6183ECF8C3EFD50
300:       DD4942D172814C46EC0FC01DD586A597178DF864A0D9DA86B7CA17FC
328:       9F772FF04C80E98B60D5B4B62408A277A5B70D0D2A3F5ED5442D07
355:     58 CA          # [1]. C509CertData=byte[202]
357:       8B0241010C73746573742063726C6F6373702D726F6F7463611A6774
385:       85801A6B36EC7F6F746573742063726C6F6373702D63610C58205EF8
413:       A355A001A7C50D23494701208131A4BB2AB920D40BFB0EE1F6AB28FF
441:       74008801542F45E78D2CAEDF368CDF53C39005D492450E1056211860
469:       230107542DA3A403F7D2F4E0B3D8031A73BA8A839F557F0F5840E504
497:       65D60C02A2111EF3FC6E44F2A36008765B552351F9A3F5B2AA7C76F1
525:       F05D259847A4F4250B2E4B0AE2099762A2596D3CC1DB2CCD180AA0A2
553:       D0E191310B0F
559:   58 40          # [8]. signatureValue=byte[64]
561:     71D39CBD6611FD5B0C3092FCE58016B966232851AC3167CD0CDEF47DF0
590:     F0BC738616EB65BB2BA509C8CF45EDBC9B784A4A70925E97AE152871E9
619:     D665C477500E

A.5. OCSP Response Examples

A.5.1. Error OCSP Response Example

  • Size reduction: 40%

  • Error Response (C509ErrorOCSPResponse)

A.5.1.1. X.509 OCSP Response

PEM content (5 bytes):

-----BEGIN OCSP RESPONSE-----
MAMKAQY=
-----END OCSP RESPONSE-----
A.5.1.2. C509 OCSP Response

Plain Hex (3 bytes):

820006

Textual Representation

C509ErrorResponse
  Type:   C509ErrorOCSPResponse (0)
  Status: unauthorized (6)

Annotated hex

0: 82             # C509OCSPResponse=array[2]
1:   00             # [0]. ocspResponseType=C509ErrorOCSPResponse
                    #      (0)
2:   06             # [1]. responseStatus=unauthorized (6)

A.5.2. Simple OCSP Response Example

  • Size reduction: 59%

  • Verifiable with certificate in Appendix A.2.4.2

  • Simple OCSP Response (C509SimpleOCSPResponse) without responder's certificate

  • Note that the X.509 OCSP response and the C509 OCSP response are not convertible.

A.5.2.1. X.509 OCSP Response

PEM content (338 bytes):

-----BEGIN OCSP RESPONSE-----
MIIBTgoBAKCCAUcwggFDBgkrBgEFBQcwAQEEggE0MIIBMDCB46IWBBTq5ZqK6ar0
EEsV5Q6O4BcVF3QYrxgPMjAyNTAzMDMwMDAwMDBaMIGUMIGRMGkwDQYJYIZIAWUD
BAIBBQAEIDJTjnSFvTeuRU8fDSuXVddYuR9ujjp685eg9ABgXG/4BCDMEch0CgUJ
7E2hTOWIbnI2TA9jtg7WNH8TwW7nJbdmogIUEjQSNBI0EjQSNBI0EjQSNBI0EjSA
ABgPMjAyNTAzMDIxNjAwMDBaoBEYDzIwMjUwMzAzMDcwMDAwWqEhMB8wHQYJKwYB
BQUHMAECBBARERERERERERERERERERERMAUGAytlcANBAGEzM3X9KkpZLfpEMRoz
3TwWMLEfWkJkVHA++53Yj9QrrI6Sqry4t9AouNcGLORbv42mroG3GkYESuMSK3uG
Wgg=
-----END OCSP RESPONSE-----
A.5.2.2. C509 OCSP Response

Plain Hex (140 bytes):

8E020C005011111111111111111111111111111111480600867838E3311A48A01C73
A5F3B063345410652787FA0527BC2449A1BFC5AB31AA5A6F0D8D001A67C4F1003970
7F19627080F65840E3419955AEB3D74AD5BC7D32264E8976C3AB6F68643C6BF66CC2
F9352FF3E861A0BD1506C78B09D3FAE869D1FD3C87EF461CF6D2096EA0AC11FCFF5E
BC0FA70C

Textual Representation

C509SimpleOCSPResponse
  TBSSimpleOCSPResponse
    Type: C509SimpleOCSPResponse (2)
    Signature Algorithm: Ed25519 (12)
    Hash Algorithm: SHA256 (0)
    Nonce
      11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11
    ResponderCertHash
      06:00:86:78:38:e3:31:1a
    IssuerCertHash
      a0:1c:73:a5:f3:b0:63:34
    SerialNumberHash
      10:65:27:87:fa:05:27:bc:24:49:a1:bf:c5:ab:31:aa:
      5a:6f:0d:8d
    Cert Status: good
    ProducedAt: 2025-03-03T00:00:00Z
    This Update: -28800, 2025-03-02T16:00:00Z
    Next Update: 25200, 2025-03-03T07:00:00Z
    Extensions: <empty>
    Responder Certs: null
  Signature Value
    e3:41:99:55:ae:b3:d7:4a:d5:bc:7d:32:26:4e:89:76:
    c3:ab:6f:68:64:3c:6b:f6:6c:c2:f9:35:2f:f3:e8:61:
    a0:bd:15:06:c7:8b:09:d3:fa:e8:69:d1:fd:3c:87:ef:
    46:1c:f6:d2:09:6e:a0:ac:11:fc:ff:5e:bc:0f:a7:0c

Annotated hex

  0: 8E             # C509OCSPResponse=array[14]
  1:   02             # [0]. ocspResponseType=C509SimpleOCSPResponse
                      #      (2)
  2:   0C             # [1]. signatureAlgorithm=Ed25519 (12)
  3:   00             # [2]. hashAlgorithm=SHA256 (0)
  4:   50             # [3]. nonce=byte[16]
  5:     11111111111111111111111111111111
 21:   48             # [4]. responderCertHash=byte[8]
 22:     0600867838E3311A
 30:   48             # [5]. issuerCertHash=byte[8]
 31:     A01C73A5F3B06334
 39:   54             # [6]. serialNumberHash=byte[20]
 40:     10652787FA0527BC2449A1BFC5AB31AA5A6F0D8D
 60:   00             # [7]. certStatus=good (0)
 61:   1A 67C4F100    # [8]. producedAt=1740960000:
                      #      2025-03-03T00:00:00Z
 66:   39 707F        # [9]. thisUpdate=-28800: 2025-03-02T16:00:00Z
 69:   19 6270        # [10]. nextUpdate=25200: 2025-03-03T07:00:00Z
 72:   80             # [11]. extensions=array[0]
 73:   F6             # [12]. responderCerts=<null>
 74:   58 40          # [13]. signatureValue=byte[64]
 76:     E3419955AEB3D74AD5BC7D32264E8976C3AB6F68643C6BF66CC2F9352F
105:     F3E861A0BD1506C78B09D3FAE869D1FD3C87EF461CF6D2096EA0AC11FC
134:     FF5EBC0FA70C

A.5.3. Basic OCSP Response Example Without Responder's Certificate

  • Size reduction: 71%

  • Verifiable with certificate in Appendix A.2.4.2

  • Basic OCSP Response (C509BasicOCSPResponse) without responder's certificate

  • Note that the X.509 OCSP response and the C509 OCSP response are not convertible.

A.5.3.1. X.509 OCSP Response

PEM content (845 bytes):

-----BEGIN OCSP RESPONSE-----
MIIDSQoBAKCCA0IwggM+BgkrBgEFBQcwAQEEggMvMIIDKzCCAt2iFgQU6uWaiumq
9BBLFeUOjuAXFRd0GK8YDzIwMjUwMzAzMDAwMDAwWjCCAnwwgZEwaTANBglghkgB
ZQMEAgEFAAQgMlOOdIW9N65FTx8NK5dV11i5H26OOnrzl6D0AGBcb/gEIMwRyHQK
BQnsTaFM5YhucjZMD2O2DtY0fxPBbuclt2aiAhQSNBI0EjQSNBI0EjQSNBI0EjQS
NIAAGA8yMDI1MDMwMjE2MDAwMFqgERgPMjAyNTAzMDMwNzAwMDBaMIGnMGkwDQYJ
YIZIAWUDBAIBBQAEIDJTjnSFvTeuRU8fDSuXVddYuR9ujjp685eg9ABgXG/4BCDM
Ech0CgUJ7E2hTOWIbnI2TA9jtg7WNH8TwW7nJbdmogIUNFY0VjRWNFY0VjRWNFY0
VjRWNFahFhgPMTk3MDAxMDEwMDAwMDBaoAMKAQYYDzIwMjUwMzAyMTYwMDAwWqAR
GA8yMDI1MDMwMzA3MDAwMFowgacwaTANBglghkgBZQMEAgEFAAQgMlOOdIW9N65F
Tx8NK5dV11i5H26OOnrzl6D0AGBcb/gEIMwRyHQKBQnsTaFM5YhucjZMD2O2DtY0
fxPBbuclt2aiAhRWeFZ4VnhWeFZ4VnhWeFZ4VnhWeKEWGA8yMDI1MDMwMTE2MDAw
MFqgAwoBBBgPMjAyNTAzMDIxNjAwMDBaoBEYDzIwMjUwMzAzMDcwMDAwWjCBkTBp
MA0GCWCGSAFlAwQCAQUABCAzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMz
MwQgREREREREREREREREREREREREREREREREREREREREREQCFCIzIjMiMyIzIjMi
MyIzIjMiMyIzggAYDzIwMjUwMzAyMTYwMDAwWqARGA8yMDI1MDMwMzA3MDAwMFqh
MjAwMB0GCSsGAQUFBzABAgQQERERERERERERERERERERETAPBgkrBgEFBQcwAQkE
AgUAMAUGAytlcANBAHrbfHeKVrcvjeFMQT9cTvhYU81DmwQpZiyRtH+MhBfSjqsl
riv95/TO4bhcpRnJl5T3D8ojWrMGiFJo1IB8gwc=
-----END OCSP RESPONSE-----
A.5.3.2. C509 OCSP Response

Plain Hex (248 bytes):

8A010C005011111111111111111111111111111111480600867838E3311A1A67C4F1
00808648A01C73A5F3B06334808F5410652787FA0527BC2449A1BFC5AB31AA5A6F0D
8D0039707F196270805475D8BC4FBAFC6694467641E748DFD53A8B9D176D0139707F
1962708054D1AC135D7DA29BDCF4DCA0D5281A51605B678400821A67C32F00043970
7F19627080482222222222222222808554D3A0C1E3DB92E8F6810537D45CFAECF6CE
417E3B0239707F19627080F65840E4869C57A66BAB501ACAEB7E5024105253D72F45
D349AE21FB941ABE4435F8A6C9D1CA5D2784AB30CF177FF075B5502AEAEE09C1146C
F490663EAED9243A760D

Textual Representation

C509BasicOCSPResponse
  TBSBasicOCSPResponse
    Type: C509BasicOCSPResponse (1)
    Signature Algorithm: Ed25519 (12)
    Hash Algorithm: SHA256 (0)
    Nonce
      11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11
    ResponderCertHash
      06:00:86:78:38:e3:31:1a
    ProducedAt: 2025-03-03T00:00:00Z
    Extensions: <empty>
    Responses
      OcspPerIssuerResponse
        IssuerCertHash
          a0:1c:73:a5:f3:b0:63:34
        Extensions: <empty>
        SingleResponses
          SingleCertResponse
            SerialNumberHash:
              10:65:27:87:fa:05:27:bc:24:49:a1:bf:c5:ab:31:aa:
              5a:6f:0d:8d
            Cert Status: good
            This Update: -28800, 2025-03-02T16:00:00Z
            Next Update: 25200, 2025-03-03T07:00:00Z
            Extensions: <empty>
          SingleCertResponse
            SerialNumberHash:
              75:d8:bc:4f:ba:fc:66:94:46:76:41:e7:48:df:d5:3a:
              8b:9d:17:6d
            Cert Status: not-issued
            This Update: -28800, 2025-03-02T16:00:00Z
            Next Update: 25200, 2025-03-03T07:00:00Z
            Extensions: <empty>
          SingleCertResponse
            SerialNumberHash:
              d1:ac:13:5d:7d:a2:9b:dc:f4:dc:a0:d5:28:1a:51:60:
              5b:67:84:00
            Cert Status: revoked (superseded)
              Revoked at 2025-03-01T16:00:00Z
            This Update: -28800, 2025-03-02T16:00:00Z
            Next Update: 25200, 2025-03-03T07:00:00Z
            Extensions: <empty>
      OcspPerIssuerResponse
        IssuerCertHash
          22:22:22:22:22:22:22:22
        Extensions: <empty>
        SingleResponses
          SingleCertResponse
            SerialNumberHash:
              d3:a0:c1:e3:db:92:e8:f6:81:05:37:d4:5c:fa:ec:f6:
              ce:41:7e:3b
            Cert Status: unknown
            This Update: -28800, 2025-03-02T16:00:00Z
            Next Update: 25200, 2025-03-03T07:00:00Z
            Extensions: <empty>
    Responder Certs: null
  Signature Value
    e4:86:9c:57:a6:6b:ab:50:1a:ca:eb:7e:50:24:10:52:
    53:d7:2f:45:d3:49:ae:21:fb:94:1a:be:44:35:f8:a6:
    c9:d1:ca:5d:27:84:ab:30:cf:17:7f:f0:75:b5:50:2a:
    ea:ee:09:c1:14:6c:f4:90:66:3e:ae:d9:24:3a:76:0d

Annotated hex

  0: 8A             # C509OCSPResponse=array[10]
  1:   01             # [0]. ocspResponseType=C509BasicOCSPResponse
                      #      (1)
  2:   0C             # [1]. signatureAlgorithm=Ed25519 (12)
  3:   00             # [2]. hashAlgorithm=SHA256 (0)
  4:   50             # [3]. nonce=byte[16]
  5:     11111111111111111111111111111111
 21:   48             # [4]. responderCertHash=byte[8]
 22:     0600867838E3311A
 30:   1A 67C4F100    # [5]. producedAt=1740960000:
                      #      2025-03-03T00:00:00Z
 35:   80             # [6]. extensions=array[0]
 36:   86             # [7]. responses=array[6]
                        #---PerIssuerResponses[0]---
 37:     48             # [0]. issuerCertHash=byte[8]
 38:       A01C73A5F3B06334
 46:     80             # [1]. extensions=array[0]
 47:     8F             # [2]. singleResponses=array[15]
                          #---SingleCertResponses[0]---
 48:       54             # [0]. serialNumberHash=byte[20]
 49:         10652787FA0527BC2449A1BFC5AB31AA5A6F0D8D
 69:       00             # [1]. certStatus=good (0)
 70:       39 707F        # [2]. thisUpdate=-28800:
                          #      2025-03-02T16:00:00Z
 73:       19 6270        # [3]. nextUpdate=25200:
                          #      2025-03-03T07:00:00Z
 76:       80             # [4]. extensions=array[0]
                          #---SingleCertResponses[1]---
 77:       54             # [5]. serialNumberHash=byte[20]
 78:         75D8BC4FBAFC6694467641E748DFD53A8B9D176D
 98:       01             # [6]. certStatus=not-issued (1)
 99:       39 707F        # [7]. thisUpdate=-28800:
                          #      2025-03-02T16:00:00Z
102:       19 6270        # [8]. nextUpdate=25200:
                          #      2025-03-03T07:00:00Z
105:       80             # [9]. extensions=array[0]
                          #---SingleCertResponses[2]---
106:       54             # [10]. serialNumberHash=byte[20]
107:         D1AC135D7DA29BDCF4DCA0D5281A51605B678400
127:       82             # [11]. certStatus=array[2]
128:         1A 67C32F00    # [0]. revocationTime=1740844800:
                            #      2025-03-01T16:00:00Z
133:         04             # [1]. revocationReason=superseded (4)
134:       39 707F        # [12]. thisUpdate=-28800:
                          #       2025-03-02T16:00:00Z
137:       19 6270        # [13]. nextUpdate=25200:
                          #       2025-03-03T07:00:00Z
140:       80             # [14]. extensions=array[0]
                        #---PerIssuerResponses[1]---
141:     48             # [3]. issuerCertHash=byte[8]
142:       2222222222222222
150:     80             # [4]. extensions=array[0]
151:     85             # [5]. singleResponses=array[5]
                          #---SingleCertResponses[0]---
152:       54             # [0]. serialNumberHash=byte[20]
153:         D3A0C1E3DB92E8F6810537D45CFAECF6CE417E3B
173:       02             # [1]. certStatus=unknown (2)
174:       39 707F        # [2]. thisUpdate=-28800:
                          #      2025-03-02T16:00:00Z
177:       19 6270        # [3]. nextUpdate=25200:
                          #      2025-03-03T07:00:00Z
180:       80             # [4]. extensions=array[0]
181:   F6             # [8]. responderCerts=<null>
182:   58 40          # [9]. signature value=byte[64]
184:     E4869C57A66BAB501ACAEB7E5024105253D72F45D349AE21FB941ABE44
213:     35F8A6C9D1CA5D2784AB30CF177FF075B5502AEAEE09C1146CF490663E
242:     AED9243A760D

A.5.4. Basic OCSP Response Example With Responder's Certificate

  • Size reduction: 62%

  • Verifiable with certificate in Appendix A.2.4.2

  • Basic OCSP Response (C509BasicOCSPResponse) with embedded responder's certificate

  • Note that the X.509 OCSP response and the C509 OCSP response are not convertible.

A.5.4.1. X.509 OCSP Response

PEM content (1189 bytes):

-----BEGIN OCSP RESPONSE-----
MIIEoQoBAKCCBJowggSWBgkrBgEFBQcwAQEEggSHMIIEgzCCAt2iFgQU6uWaiumq
9BBLFeUOjuAXFRd0GK8YDzIwMjUwMzAzMDAwMDAwWjCCAnwwgZEwaTANBglghkgB
ZQMEAgEFAAQgMlOOdIW9N65FTx8NK5dV11i5H26OOnrzl6D0AGBcb/gEIMwRyHQK
BQnsTaFM5YhucjZMD2O2DtY0fxPBbuclt2aiAhQSNBI0EjQSNBI0EjQSNBI0EjQS
NIAAGA8yMDI1MDMwMjE2MDAwMFqgERgPMjAyNTAzMDMwNzAwMDBaMIGnMGkwDQYJ
YIZIAWUDBAIBBQAEIDJTjnSFvTeuRU8fDSuXVddYuR9ujjp685eg9ABgXG/4BCDM
Ech0CgUJ7E2hTOWIbnI2TA9jtg7WNH8TwW7nJbdmogIUNFY0VjRWNFY0VjRWNFY0
VjRWNFahFhgPMTk3MDAxMDEwMDAwMDBaoAMKAQYYDzIwMjUwMzAyMTYwMDAwWqAR
GA8yMDI1MDMwMzA3MDAwMFowgacwaTANBglghkgBZQMEAgEFAAQgMlOOdIW9N65F
Tx8NK5dV11i5H26OOnrzl6D0AGBcb/gEIMwRyHQKBQnsTaFM5YhucjZMD2O2DtY0
fxPBbuclt2aiAhRWeFZ4VnhWeFZ4VnhWeFZ4VnhWeKEWGA8yMDI1MDMwMTE2MDAw
MFqgAwoBBBgPMjAyNTAzMDIxNjAwMDBaoBEYDzIwMjUwMzAzMDcwMDAwWjCBkTBp
MA0GCWCGSAFlAwQCAQUABCAzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMz
MwQgREREREREREREREREREREREREREREREREREREREREREQCFCIzIjMiMyIzIjMi
MyIzIjMiMyIzggAYDzIwMjUwMzAyMTYwMDAwWqARGA8yMDI1MDMwMzA3MDAwMFqh
MjAwMB0GCSsGAQUFBzABAgQQERERERERERERERERERERETAPBgkrBgEFBQcwAQkE
AgUAMAUGAytlcANBAHrbfHeKVrcvjeFMQT9cTvhYU81DmwQpZiyRtH+MhBfSjqsl
riv95/TO4bhcpRnJl5T3D8ojWrMGiFJo1IB8gwegggFUMIIBUDCCAUwwgf+gAwIB
AgICEjUwBQYDK2VwMBoxGDAWBgNVBAMMD3Rlc3QgY3Jsb2NzcC1jYTAeFw0yNTAx
MDIwMDAwMDBaFw0yNjAxMDIwMDAwMDBaMBkxFzAVBgNVBAMMDm9jc3AtcmVzcG9u
ZGVyMCowBQYDK2VwAyEAgZR7vCSKrHlzghGo11v5LLd32ZQHPfI64GOA7yxXOXaj
ajBoMB0GA1UdDgQWBBTq5ZqK6ar0EEsV5Q6O4BcVF3QYrzAOBgNVHQ8BAf8EBAMC
B4AwHwYDVR0jBBgwFoAU2X135jTC9wAwDKWPyHc2WxVQB6IwFgYDVR0lAQH/BAww
CgYIKwYBBQUHAwkwBQYDK2VwA0EAE6Mo4UW6t2eMBWxsYX3UvhUJnaoXUOH7fAsp
qSPXK/f3h5+FSrkt0RCxXzct4Flmgi+HToCGEf1F3T0sXCiHCA==
-----END OCSP RESPONSE-----
A.5.4.2. C509 OCSP Response

Plain Hex (446 bytes):

8A010C005011111111111111111111111111111111480600867838E3311A1A67C4F1
00808648A01C73A5F3B06334808F5410652787FA0527BC2449A1BFC5AB31AA5A6F0D
8D0039707F196270805475D8BC4FBAFC6694467641E748DFD53A8B9D176D0139707F
1962708054D1AC135D7DA29BDCF4DCA0D5281A51605B678400821A67C32F00043970
7F19627080482222222222222222808554D3A0C1E3DB92E8F6810537D45CFAECF6CE
417E3B0239707F1962708058C58B024212350C6F746573742063726C6F6373702D63
611A6775D7001A69570A806E6F6373702D726573706F6E6465720C582081947BBC24
8AAC79738211A8D75BF92CB777D994073DF23AE06380EF2C573976880154B5B4CAF3
5401D06151DF9629DB579DC8CCA453A8210107542F45E78D2CAEDF368CDF53C39005
D492450E105627095840A01B0CBF3E34A4762D05404FD08A7AEC103035358314686D
72B6159078C76E1D88597F37531886A3F52F256FD722192B289D6844014467F1F17F
05ACBB7B660A58400085EA27969E5A162EA31D371522F62F0DF278272225DEAD6F17
3C42D5482142A3F032872850A4E2C2D9A759A0F460E1250B6FDEBB6636B3672CA02E
FB880A04

Textual Representation

C509BasicOCSPResponse
  TBSBasicOCSPResponse
    Type: C509BasicOCSPResponse (1)
    Signature Algorithm: Ed25519 (12)
    Hash Algorithm: SHA256 (0)
    Nonce
      11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11
    ResponderCertHash
      06:00:86:78:38:e3:31:1a
    ProducedAt: 2025-03-03T00:00:00Z
    Extensions: <empty>
    Responses
      OcspPerIssuerResponse
        IssuerCertHash
          a0:1c:73:a5:f3:b0:63:34
        Extensions: <empty>
        SingleResponses
          SingleCertResponse
            SerialNumberHash:
              10:65:27:87:fa:05:27:bc:24:49:a1:bf:c5:ab:31:aa:
              5a:6f:0d:8d
            Cert Status: good
            This Update: -28800, 2025-03-02T16:00:00Z
            Next Update: 25200, 2025-03-03T07:00:00Z
            Extensions: <empty>
          SingleCertResponse
            SerialNumberHash:
              75:d8:bc:4f:ba:fc:66:94:46:76:41:e7:48:df:d5:3a:
              8b:9d:17:6d
            Cert Status: not-issued
            This Update: -28800, 2025-03-02T16:00:00Z
            Next Update: 25200, 2025-03-03T07:00:00Z
            Extensions: <empty>
          SingleCertResponse
            SerialNumberHash:
              d1:ac:13:5d:7d:a2:9b:dc:f4:dc:a0:d5:28:1a:51:60:
              5b:67:84:00
            Cert Status: revoked (superseded)
              Revoked at 2025-03-01T16:00:00Z
            This Update: -28800, 2025-03-02T16:00:00Z
            Next Update: 25200, 2025-03-03T07:00:00Z
            Extensions: <empty>
      OcspPerIssuerResponse
        IssuerCertHash
          22:22:22:22:22:22:22:22
        Extensions: <empty>
        SingleResponses
          SingleCertResponse
            SerialNumberHash:
              d3:a0:c1:e3:db:92:e8:f6:81:05:37:d4:5c:fa:ec:f6:
              ce:41:7e:3b
            Cert Status: unknown
            This Update: -28800, 2025-03-02T16:00:00Z
            Next Update: 25200, 2025-03-03T07:00:00Z
            Extensions: <empty>
    Responder Certs
      C509Certificate
        8b:02:42:12:35:0c:6f:74:65:73:74:20:63:72:6c:6f:
        63:73:70:2d:63:61:1a:67:75:d7:00:1a:69:57:0a:80:
        6e:6f:63:73:70:2d:72:65:73:70:6f:6e:64:65:72:0c:
        58:20:81:94:7b:bc:24:8a:ac:79:73:82:11:a8:d7:5b:
        f9:2c:b7:77:d9:94:07:3d:f2:3a:e0:63:80:ef:2c:57:
        39:76:88:01:54:b5:b4:ca:f3:54:01:d0:61:51:df:96:
        29:db:57:9d:c8:cc:a4:53:a8:21:01:07:54:2f:45:e7:
        8d:2c:ae:df:36:8c:df:53:c3:90:05:d4:92:45:0e:10:
        56:27:09:58:40:a0:1b:0c:bf:3e:34:a4:76:2d:05:40:
        4f:d0:8a:7a:ec:10:30:35:35:83:14:68:6d:72:b6:15:
        90:78:c7:6e:1d:88:59:7f:37:53:18:86:a3:f5:2f:25:
        6f:d7:22:19:2b:28:9d:68:44:01:44:67:f1:f1:7f:05:
        ac:bb:7b:66:0a
  Signature Value
    00:85:ea:27:96:9e:5a:16:2e:a3:1d:37:15:22:f6:2f:
    0d:f2:78:27:22:25:de:ad:6f:17:3c:42:d5:48:21:42:
    a3:f0:32:87:28:50:a4:e2:c2:d9:a7:59:a0:f4:60:e1:
    25:0b:6f:de:bb:66:36:b3:67:2c:a0:2e:fb:88:0a:04

Annotated hex

  0: 8A             # C509OCSPResponse=array[10]
  1:   01             # [0]. ocspResponseType=C509BasicOCSPResponse
                      #      (1)
  2:   0C             # [1]. signatureAlgorithm=Ed25519 (12)
  3:   00             # [2]. hashAlgorithm=SHA256 (0)
  4:   50             # [3]. nonce=byte[16]
  5:     11111111111111111111111111111111
 21:   48             # [4]. responderCertHash=byte[8]
 22:     0600867838E3311A
 30:   1A 67C4F100    # [5]. producedAt=1740960000:
                      #      2025-03-03T00:00:00Z
 35:   80             # [6]. extensions=array[0]
 36:   86             # [7]. responses=array[6]
                        #---PerIssuerResponses[0]---
 37:     48             # [0]. issuerCertHash=byte[8]
 38:       A01C73A5F3B06334
 46:     80             # [1]. extensions=array[0]
 47:     8F             # [2]. singleResponses=array[15]
                          #---SingleCertResponses[0]---
 48:       54             # [0]. serialNumberHash=byte[20]
 49:         10652787FA0527BC2449A1BFC5AB31AA5A6F0D8D
 69:       00             # [1]. certStatus=good (0)
 70:       39 707F        # [2]. thisUpdate=-28800:
                          #      2025-03-02T16:00:00Z
 73:       19 6270        # [3]. nextUpdate=25200:
                          #      2025-03-03T07:00:00Z
 76:       80             # [4]. extensions=array[0]
                          #---SingleCertResponses[1]---
 77:       54             # [5]. serialNumberHash=byte[20]
 78:         75D8BC4FBAFC6694467641E748DFD53A8B9D176D
 98:       01             # [6]. certStatus=not-issued (1)
 99:       39 707F        # [7]. thisUpdate=-28800:
                          #      2025-03-02T16:00:00Z
102:       19 6270        # [8]. nextUpdate=25200:
                          #      2025-03-03T07:00:00Z
105:       80             # [9]. extensions=array[0]
                          #---SingleCertResponses[2]---
106:       54             # [10]. serialNumberHash=byte[20]
107:         D1AC135D7DA29BDCF4DCA0D5281A51605B678400
127:       82             # [11]. certStatus=array[2]
128:         1A 67C32F00    # [0]. revocationTime=1740844800:
                            #      2025-03-01T16:00:00Z
133:         04             # [1]. revocationReason=superseded (4)
134:       39 707F        # [12]. thisUpdate=-28800:
                          #       2025-03-02T16:00:00Z
137:       19 6270        # [13]. nextUpdate=25200:
                          #       2025-03-03T07:00:00Z
140:       80             # [14]. extensions=array[0]
                        #---PerIssuerResponses[1]---
141:     48             # [3]. issuerCertHash=byte[8]
142:       2222222222222222
150:     80             # [4]. extensions=array[0]
151:     85             # [5]. singleResponses=array[5]
                          #---SingleCertResponses[0]---
152:       54             # [0]. serialNumberHash=byte[20]
153:         D3A0C1E3DB92E8F6810537D45CFAECF6CE417E3B
173:       02             # [1]. certStatus=unknown (2)
174:       39 707F        # [2]. thisUpdate=-28800:
                          #      2025-03-02T16:00:00Z
177:       19 6270        # [3]. nextUpdate=25200:
                          #      2025-03-03T07:00:00Z
180:       80             # [4]. extensions=array[0]
181:   58 C5          # [8]. responderCerts(COSE_C509)=byte[197]
183:     8B024212350C6F746573742063726C6F6373702D63611A6775D7001A69
212:     570A806E6F6373702D726573706F6E6465720C582081947BBC248AAC79
241:     738211A8D75BF92CB777D994073DF23AE06380EF2C573976880154B5B4
270:     CAF35401D06151DF9629DB579DC8CCA453A8210107542F45E78D2CAEDF
299:     368CDF53C39005D492450E105627095840A01B0CBF3E34A4762D05404F
328:     D08A7AEC103035358314686D72B6159078C76E1D88597F37531886A3F5
357:     2F256FD722192B289D6844014467F1F17F05ACBB7B660A
380:   58 40          # [9]. signature value=byte[64]
382:     0085EA27969E5A162EA31D371522F62F0DF278272225DEAD6F173C42D5
411:     482142A3F032872850A4E2C2D9A759A0F460E1250B6FDEBB6636B3672C
440:     A02EFB880A04

A.5.5. Basic OCSP Response Example With Responder's Certificate Chain

  • Size reduction: 57%

  • Verifiable with certificate in Appendix A.2.4.2

  • Basic OCSP Response (C509BasicOCSPResponse) with embedded responder's certificate chain (2 certificates)

  • Note that the X.509 OCSP response and the C509 OCSP response are not convertible.

A.5.5.1. X.509 OCSP Response

PEM content (1525 bytes):

-----BEGIN OCSP RESPONSE-----
MIIF8QoBAKCCBeowggXmBgkrBgEFBQcwAQEEggXXMIIF0zCCAt2iFgQU6uWaiumq
9BBLFeUOjuAXFRd0GK8YDzIwMjUwMzAzMDAwMDAwWjCCAnwwgZEwaTANBglghkgB
ZQMEAgEFAAQgMlOOdIW9N65FTx8NK5dV11i5H26OOnrzl6D0AGBcb/gEIMwRyHQK
BQnsTaFM5YhucjZMD2O2DtY0fxPBbuclt2aiAhQSNBI0EjQSNBI0EjQSNBI0EjQS
NIAAGA8yMDI1MDMwMjE2MDAwMFqgERgPMjAyNTAzMDMwNzAwMDBaMIGnMGkwDQYJ
YIZIAWUDBAIBBQAEIDJTjnSFvTeuRU8fDSuXVddYuR9ujjp685eg9ABgXG/4BCDM
Ech0CgUJ7E2hTOWIbnI2TA9jtg7WNH8TwW7nJbdmogIUNFY0VjRWNFY0VjRWNFY0
VjRWNFahFhgPMTk3MDAxMDEwMDAwMDBaoAMKAQYYDzIwMjUwMzAyMTYwMDAwWqAR
GA8yMDI1MDMwMzA3MDAwMFowgacwaTANBglghkgBZQMEAgEFAAQgMlOOdIW9N65F
Tx8NK5dV11i5H26OOnrzl6D0AGBcb/gEIMwRyHQKBQnsTaFM5YhucjZMD2O2DtY0
fxPBbuclt2aiAhRWeFZ4VnhWeFZ4VnhWeFZ4VnhWeKEWGA8yMDI1MDMwMTE2MDAw
MFqgAwoBBBgPMjAyNTAzMDIxNjAwMDBaoBEYDzIwMjUwMzAzMDcwMDAwWjCBkTBp
MA0GCWCGSAFlAwQCAQUABCAzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMz
MwQgREREREREREREREREREREREREREREREREREREREREREQCFCIzIjMiMyIzIjMi
MyIzIjMiMyIzggAYDzIwMjUwMzAyMTYwMDAwWqARGA8yMDI1MDMwMzA3MDAwMFqh
MjAwMB0GCSsGAQUFBzABAgQQERERERERERERERERERERETAPBgkrBgEFBQcwAQkE
AgUAMAUGAytlcANBAHrbfHeKVrcvjeFMQT9cTvhYU81DmwQpZiyRtH+MhBfSjqsl
riv95/TO4bhcpRnJl5T3D8ojWrMGiFJo1IB8gwegggKkMIICoDCCAUwwgf+gAwIB
AgICEjUwBQYDK2VwMBoxGDAWBgNVBAMMD3Rlc3QgY3Jsb2NzcC1jYTAeFw0yNTAx
MDIwMDAwMDBaFw0yNjAxMDIwMDAwMDBaMBkxFzAVBgNVBAMMDm9jc3AtcmVzcG9u
ZGVyMCowBQYDK2VwAyEAgZR7vCSKrHlzghGo11v5LLd32ZQHPfI64GOA7yxXOXaj
ajBoMB0GA1UdDgQWBBTq5ZqK6ar0EEsV5Q6O4BcVF3QYrzAOBgNVHQ8BAf8EBAMC
B4AwHwYDVR0jBBgwFoAU2X135jTC9wAwDKWPyHc2WxVQB6IwFgYDVR0lAQH/BAww
CgYIKwYBBQUHAwkwBQYDK2VwA0EAE6Mo4UW6t2eMBWxsYX3UvhUJnaoXUOH7fAsp
qSPXK/f3h5+FSrkt0RCxXzct4Flmgi+HToCGEf1F3T0sXCiHCDCCAUwwgf+gAwIB
AgIBATAFBgMrZXAwHjEcMBoGA1UEAwwTdGVzdCBjcmxvY3NwLXJvb3RjYTAeFw0y
NTAxMDEwMDAwMDBaFw0yNjEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD3Rlc3QgY3Js
b2NzcC1jYTAqMAUGAytlcAMhAF74o1WgAafFDSNJRwEggTGkuyq5INQL+w7h9qso
/3QAo2YwZDAdBgNVHQ4EFgQU2X135jTC9wAwDKWPyHc2WxVQB6IwDgYDVR0PAQH/
BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHwYDVR0jBBgwFoAUkSOc+vnng2yy
n1HhMZHbENOuFpMwBQYDK2VwA0EA1l4B18v6QX+xe5n3l+1pJ69WL/Y+jTWz46fT
gWDMZGdAEE2PORiX3asRmPPQWiYZIENipvg8M4ghGza8Vj1BAg==
-----END OCSP RESPONSE-----
A.5.5.2. C509 OCSP Response

Plain Hex (651 bytes):

8A010C005011111111111111111111111111111111480600867838E3311A1A67C4F1
00808648A01C73A5F3B06334808F5410652787FA0527BC2449A1BFC5AB31AA5A6F0D
8D0039707F196270805475D8BC4FBAFC6694467641E748DFD53A8B9D176D0139707F
1962708054D1AC135D7DA29BDCF4DCA0D5281A51605B678400821A67C32F00043970
7F19627080482222222222222222808554D3A0C1E3DB92E8F6810537D45CFAECF6CE
417E3B0239707F196270808258C58B024212350C6F746573742063726C6F6373702D
63611A6775D7001A69570A806E6F6373702D726573706F6E6465720C582081947BBC
248AAC79738211A8D75BF92CB777D994073DF23AE06380EF2C573976880154B5B4CA
F35401D06151DF9629DB579DC8CCA453A8210107542F45E78D2CAEDF368CDF53C390
05D492450E105627095840A01B0CBF3E34A4762D05404FD08A7AEC10303535831468
6D72B6159078C76E1D88597F37531886A3F52F256FD722192B289D6844014467F1F1
7F05ACBB7B660A58CA8B0241010C73746573742063726C6F6373702D726F6F746361
1A677485801A6B36EC7F6F746573742063726C6F6373702D63610C58205EF8A355A0
01A7C50D23494701208131A4BB2AB920D40BFB0EE1F6AB28FF74008801542F45E78D
2CAEDF368CDF53C39005D492450E1056211860230107542DA3A403F7D2F4E0B3D803
1A73BA8A839F557F0F5840E50465D60C02A2111EF3FC6E44F2A36008765B552351F9
A3F5B2AA7C76F1F05D259847A4F4250B2E4B0AE2099762A2596D3CC1DB2CCD180AA0
A2D0E191310B0F5840B633C9598073E3920876FE12B86AD32422E7F2C2361177A6D5
90F20BEBBAA1EFDF94A0A944AC8CA67679CA04CEAF327C12CB9F1C2DCACA9D2E949B
FEA755C405

Textual Representation

C509BasicOCSPResponse
  TBSBasicOCSPResponse
    Type: C509BasicOCSPResponse (1)
    Signature Algorithm: Ed25519 (12)
    Hash Algorithm: SHA256 (0)
    Nonce
      11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11
    ResponderCertHash
      06:00:86:78:38:e3:31:1a
    ProducedAt: 2025-03-03T00:00:00Z
    Extensions: <empty>
    Responses
      OcspPerIssuerResponse
        IssuerCertHash
          a0:1c:73:a5:f3:b0:63:34
        Extensions: <empty>
        SingleResponses
          SingleCertResponse
            SerialNumberHash:
              10:65:27:87:fa:05:27:bc:24:49:a1:bf:c5:ab:31:aa:
              5a:6f:0d:8d
            Cert Status: good
            This Update: -28800, 2025-03-02T16:00:00Z
            Next Update: 25200, 2025-03-03T07:00:00Z
            Extensions: <empty>
          SingleCertResponse
            SerialNumberHash:
              75:d8:bc:4f:ba:fc:66:94:46:76:41:e7:48:df:d5:3a:
              8b:9d:17:6d
            Cert Status: not-issued
            This Update: -28800, 2025-03-02T16:00:00Z
            Next Update: 25200, 2025-03-03T07:00:00Z
            Extensions: <empty>
          SingleCertResponse
            SerialNumberHash:
              d1:ac:13:5d:7d:a2:9b:dc:f4:dc:a0:d5:28:1a:51:60:
              5b:67:84:00
            Cert Status: revoked (superseded)
              Revoked at 2025-03-01T16:00:00Z
            This Update: -28800, 2025-03-02T16:00:00Z
            Next Update: 25200, 2025-03-03T07:00:00Z
            Extensions: <empty>
      OcspPerIssuerResponse
        IssuerCertHash
          22:22:22:22:22:22:22:22
        Extensions: <empty>
        SingleResponses
          SingleCertResponse
            SerialNumberHash:
              d3:a0:c1:e3:db:92:e8:f6:81:05:37:d4:5c:fa:ec:f6:
              ce:41:7e:3b
            Cert Status: unknown
            This Update: -28800, 2025-03-02T16:00:00Z
            Next Update: 25200, 2025-03-03T07:00:00Z
            Extensions: <empty>
    Responder Certs
      C509Certificate
        8b:02:42:12:35:0c:6f:74:65:73:74:20:63:72:6c:6f:
        63:73:70:2d:63:61:1a:67:75:d7:00:1a:69:57:0a:80:
        6e:6f:63:73:70:2d:72:65:73:70:6f:6e:64:65:72:0c:
        58:20:81:94:7b:bc:24:8a:ac:79:73:82:11:a8:d7:5b:
        f9:2c:b7:77:d9:94:07:3d:f2:3a:e0:63:80:ef:2c:57:
        39:76:88:01:54:b5:b4:ca:f3:54:01:d0:61:51:df:96:
        29:db:57:9d:c8:cc:a4:53:a8:21:01:07:54:2f:45:e7:
        8d:2c:ae:df:36:8c:df:53:c3:90:05:d4:92:45:0e:10:
        56:27:09:58:40:a0:1b:0c:bf:3e:34:a4:76:2d:05:40:
        4f:d0:8a:7a:ec:10:30:35:35:83:14:68:6d:72:b6:15:
        90:78:c7:6e:1d:88:59:7f:37:53:18:86:a3:f5:2f:25:
        6f:d7:22:19:2b:28:9d:68:44:01:44:67:f1:f1:7f:05:
        ac:bb:7b:66:0a
      C509Certificate
        8b:02:41:01:0c:73:74:65:73:74:20:63:72:6c:6f:63:
        73:70:2d:72:6f:6f:74:63:61:1a:67:74:85:80:1a:6b:
        36:ec:7f:6f:74:65:73:74:20:63:72:6c:6f:63:73:70:
        2d:63:61:0c:58:20:5e:f8:a3:55:a0:01:a7:c5:0d:23:
        49:47:01:20:81:31:a4:bb:2a:b9:20:d4:0b:fb:0e:e1:
        f6:ab:28:ff:74:00:88:01:54:2f:45:e7:8d:2c:ae:df:
        36:8c:df:53:c3:90:05:d4:92:45:0e:10:56:21:18:60:
        23:01:07:54:2d:a3:a4:03:f7:d2:f4:e0:b3:d8:03:1a:
        73:ba:8a:83:9f:55:7f:0f:58:40:e5:04:65:d6:0c:02:
        a2:11:1e:f3:fc:6e:44:f2:a3:60:08:76:5b:55:23:51:
        f9:a3:f5:b2:aa:7c:76:f1:f0:5d:25:98:47:a4:f4:25:
        0b:2e:4b:0a:e2:09:97:62:a2:59:6d:3c:c1:db:2c:cd:
        18:0a:a0:a2:d0:e1:91:31:0b:0f
  Signature Value
    b6:33:c9:59:80:73:e3:92:08:76:fe:12:b8:6a:d3:24:
    22:e7:f2:c2:36:11:77:a6:d5:90:f2:0b:eb:ba:a1:ef:
    df:94:a0:a9:44:ac:8c:a6:76:79:ca:04:ce:af:32:7c:
    12:cb:9f:1c:2d:ca:ca:9d:2e:94:9b:fe:a7:55:c4:05

Annotated hex

  0: 8A             # C509OCSPResponse=array[10]
  1:   01             # [0]. ocspResponseType=C509BasicOCSPResponse
                      #      (1)
  2:   0C             # [1]. signatureAlgorithm=Ed25519 (12)
  3:   00             # [2]. hashAlgorithm=SHA256 (0)
  4:   50             # [3]. nonce=byte[16]
  5:     11111111111111111111111111111111
 21:   48             # [4]. responderCertHash=byte[8]
 22:     0600867838E3311A
 30:   1A 67C4F100    # [5]. producedAt=1740960000:
                      #      2025-03-03T00:00:00Z
 35:   80             # [6]. extensions=array[0]
 36:   86             # [7]. responses=array[6]
                        #---PerIssuerResponses[0]---
 37:     48             # [0]. issuerCertHash=byte[8]
 38:       A01C73A5F3B06334
 46:     80             # [1]. extensions=array[0]
 47:     8F             # [2]. singleResponses=array[15]
                          #---SingleCertResponses[0]---
 48:       54             # [0]. serialNumberHash=byte[20]
 49:         10652787FA0527BC2449A1BFC5AB31AA5A6F0D8D
 69:       00             # [1]. certStatus=good (0)
 70:       39 707F        # [2]. thisUpdate=-28800:
                          #      2025-03-02T16:00:00Z
 73:       19 6270        # [3]. nextUpdate=25200:
                          #      2025-03-03T07:00:00Z
 76:       80             # [4]. extensions=array[0]
                          #---SingleCertResponses[1]---
 77:       54             # [5]. serialNumberHash=byte[20]
 78:         75D8BC4FBAFC6694467641E748DFD53A8B9D176D
 98:       01             # [6]. certStatus=not-issued (1)
 99:       39 707F        # [7]. thisUpdate=-28800:
                          #      2025-03-02T16:00:00Z
102:       19 6270        # [8]. nextUpdate=25200:
                          #      2025-03-03T07:00:00Z
105:       80             # [9]. extensions=array[0]
                          #---SingleCertResponses[2]---
106:       54             # [10]. serialNumberHash=byte[20]
107:         D1AC135D7DA29BDCF4DCA0D5281A51605B678400
127:       82             # [11]. certStatus=array[2]
128:         1A 67C32F00    # [0]. revocationTime=1740844800:
                            #      2025-03-01T16:00:00Z
133:         04             # [1]. revocationReason=superseded (4)
134:       39 707F        # [12]. thisUpdate=-28800:
                          #       2025-03-02T16:00:00Z
137:       19 6270        # [13]. nextUpdate=25200:
                          #       2025-03-03T07:00:00Z
140:       80             # [14]. extensions=array[0]
                        #---PerIssuerResponses[1]---
141:     48             # [3]. issuerCertHash=byte[8]
142:       2222222222222222
150:     80             # [4]. extensions=array[0]
151:     85             # [5]. singleResponses=array[5]
                          #---SingleCertResponses[0]---
152:       54             # [0]. serialNumberHash=byte[20]
153:         D3A0C1E3DB92E8F6810537D45CFAECF6CE417E3B
173:       02             # [1]. certStatus=unknown (2)
174:       39 707F        # [2]. thisUpdate=-28800:
                          #      2025-03-02T16:00:00Z
177:       19 6270        # [3]. nextUpdate=25200:
                          #      2025-03-03T07:00:00Z
180:       80             # [4]. extensions=array[0]
181:   82             # [8]. responderCerts(COSE_C509)=array[2]
182:     58 C5          # [0]. C509CertData=byte[197]
184:       8B024212350C6F746573742063726C6F6373702D63611A6775D7001A
212:       69570A806E6F6373702D726573706F6E6465720C582081947BBC248A
240:       AC79738211A8D75BF92CB777D994073DF23AE06380EF2C5739768801
268:       54B5B4CAF35401D06151DF9629DB579DC8CCA453A8210107542F45E7
296:       8D2CAEDF368CDF53C39005D492450E105627095840A01B0CBF3E34A4
324:       762D05404FD08A7AEC103035358314686D72B6159078C76E1D88597F
352:       37531886A3F52F256FD722192B289D6844014467F1F17F05ACBB7B66
380:       0A
381:     58 CA          # [1]. C509CertData=byte[202]
383:       8B0241010C73746573742063726C6F6373702D726F6F7463611A6774
411:       85801A6B36EC7F6F746573742063726C6F6373702D63610C58205EF8
439:       A355A001A7C50D23494701208131A4BB2AB920D40BFB0EE1F6AB28FF
467:       74008801542F45E78D2CAEDF368CDF53C39005D492450E1056211860
495:       230107542DA3A403F7D2F4E0B3D8031A73BA8A839F557F0F5840E504
523:       65D60C02A2111EF3FC6E44F2A36008765B552351F9A3F5B2AA7C76F1
551:       F05D259847A4F4250B2E4B0AE2099762A2596D3CC1DB2CCD180AA0A2
579:       D0E191310B0F
585:   58 40          # [9]. signature value=byte[64]
587:     B633C9598073E3920876FE12B86AD32422E7F2C2361177A6D590F20BEB
616:     BAA1EFDF94A0A944AC8CA67679CA04CEAF327C12CB9F1C2DCACA9D2E94
645:     9BFEA755C405

Acknowledgments

The authors thank xxx for reviewing and commenting on intermediate versions of the draft.

Authors' Addresses

Lijun Liao
NIO
Marco Tiloca
RISE AB
Joel Höglund
RISE AB
Rikard Höglund
RISE AB
Shahid Raza
University of Glasgow