• Login/Register
  • Section: Internet Standard /Tuesday 27th January 2015

    Alphabetic Index : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

    Search β):

    * SCVP *

    پروتکل معتبرسازی گواهینامه مبتنی بر سرور

    (Wikipedia) - SCVP
    The topic of this article may not meet Wikipedia''s general notability guideline. Please help to establish notability by adding reliable, secondary sources about the topic. If notability cannot be established, the article is likely to be merged, redirected, or deleted. Find sources: "SCVP" – news · newspapers · books · scholar · JSTOR · free images (August 2014)
    This article does not cite any references or sources. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. (August 2014)

    The Server-based Certificate Validation Protocol (SCVP) is an Internet protocol for determining the path between a X.509 digital certificate and a trusted root (Delegated Path Discovery) and the validation of that path (Delegated Path Validation) according to a particular validation policy.


    When a relying party receives a digital certificate and needs to decide whether to trust the certificate, it first needs to determine whether the certificate can be linked to a trusted certificate. This process may involve chaining the certificate back through several issuers, such as the following case:

    Equifax Secure eBusiness CA-1 ACME Co Certificate Authority Joe User

    Currently, the creation of this chain of certificates is performed by the application receiving the signed message. The process is termed "path discovery" and the resulting chain is called a "certification path". Many Windows applications, such as Outlook, use Cryptographic Application Programming Interface (CAPI) for path discovery.

    CAPI is capable of building certification paths using any certificates that are installed in Windows certificate stores or provided by the relying party application. The Equifax CA certificate, for example, comes installed in Windows as a trusted certificate. If CAPI knows about the ACME Co CA certificate or if it is included in a signed email and made available to CAPI by Outlook, CAPI can create the certification path above. However, if CAPI cannot find the ACME Co CA certificate, it has no way to verify that Joe User is trusted.

    SCVP provides us with a standards-based client-server protocol for solving this problem using Delegated Path Discovery, or DPD. When using DPD, a relying party asks a server for a certification path that meets its needs. The SCVP client''s request contains the certificate that it is attempting to trust and a set of trusted certificates. The SCVP server''s response contains a set of certificates making up a valid path between the certificate in question and one of the trusted certificates. The response may also contain proof of revocation status, such as OCSP responses, for the certificates in the path.

    Once a certification path has been constructed, it needs to be validated. An algorithm for validating certification paths is defined in RFC 5280 section 6 (signatures, expiration, name constraints, policy constraints, basic constraints, etc.). Again, this could be done locally by the client or by the SCVP server with Delegated Path Validation.

    SCVP facilitates Federated PKIs, such as one with a Bridge Certificate Authority.

    External links
    This Internet-related article is a stub. You can help Wikipedia by expanding it.
    • v
    • t
    • e

    Tags:CA, Internet, SCVP, Wikipedia, Windows

    Add definition or comments on SCVP

    Your Name / Alias:
    Definition / Comments
    neutral points of view
    Source / SEO Backlink:
    Anti-Spam Check
    Enter text above
    Upon approval, your definition will be listed under: SCVP

    Happy Summer Sale

    Home About us / Contact    Products    Services    Iranian History Today    Top Iran Links    Iranian B2B Web Directory    Historical Glossary
    Copyright @ 2004-2016 fouman.com All Rights Iranian