GB/T 19713-2025: Cybersecurity technology - Public key infrastructure - Online certificate status protocol
Status: Valid
Basic data

Standard ID: GB/T 19713-2025 (GB/T19713-2025)
Description (Translated English): Cybersecurity technology - Public key infrastructure - Online certificate status protocol
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.030
Word Count Estimation: 42,451
Date of Issue: 2025-02-28
Date of Implementation: 2025-09-01
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

This is a DRAFT version for illustration, not a final translation.

GB/T 19713-2025 English version.

ICS 35.030
CCS L80

National Standard of the People's Republic of China
Replaces GB/T 19713-2005

Cybersecurity technology - Public key infrastructure - Online certificate status protocol

Released on 2025-02-28; implemented on 2025-09-01
Issued by the State Administration for Market Regulation and the National Standardization Administration

Table of Contents

Preface
1 Scope
2 Normative references
3 Terms and Definitions
4 Abbreviations
5 General Principles
5.1 Overview
5.2 Request
5.3 Response
5.4 Abnormal situation
5.5 Temporal Semantics
5.6 Pre-generated response
5.7 Entrustment of OCSP Signature Authority
5.8 CA key leakage
6 Functional Requirements
6.1 Certificate Content Requirements
6.2 Requirements for receiving signed responses
7 Concrete Grammar
7.1 Conventions
7.2 Request
7.3 Response
7.4 Extension
Appendix A (Normative) ASN.1 Syntax Specification for OCSP Requests and Responses
Appendix B (Normative) OCSP Requests and Responses over HTTP
Appendix C (Informative) OCSP Request and Response ASN.1 Syntax Message Examples
Appendix D (Informative) Safety Considerations
Reference

Foreword

This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work - Part 1: Structure and drafting rules for standardization documents".

This document replaces GB/T 19713-2005 "Information Technology Security Technology Public Key Infrastructure Online Certificate Status Protocol". Compared with GB/T 19713-2005, in addition to structural adjustments and editorial changes, the main technical changes are as follows:

a) Changed "This standard applies to all types of applications and computing environments based on public key infrastructure" to "This document applies to the construction of public key infrastructure and security applications based on the online certificate status protocol" (see Chapter 1; Chapter 1 of the 2005 edition);
b) Added a diagram of the relationship between the parties in the OCSP protocol in the "General Principles" (see 5.1; 5.1 of the 2005 edition);
c) Changed "hash signature of the response" to "digital signature of the response" [see 5.3 b); 5.3 f) of the 2005 edition];
d) Changed the scope of the revoked status to allow the use of this response status for certificates that have never been issued [see 5.3 d); 5.3 of the 2005 edition];
e) Added response requirements for unissued certificate status requests [see 5.3 e)];
f) Changed the scope of use of the unauthorized error response (see 5.4; 5.4 of the 2005 edition);
g) Added the definition of revocationTime semantics (see 5.5);
h) Added support for the SM2 and SM3 algorithms (see 7.1 and 7.2);
i) Added definitions of the Signature, Extensions, CertificateSerialNumber, SubjectPublicKeyInfo, Name, AlgorithmIdentifier and CRLReason structures in the OCSP ASN.1 syntax (see 7.1);
j) Added annotations on the lightweight OCSP request syntax (see 7.2.2);
k) Added the time requirement for the lightweight OCSP protocol (see 7.3.2.1);
l) Changed "The locally configured OCSP signing authority contains a certificate that matches the certificate to be verified" to "The locally configured OCSP responder certificate matches the OCSP responder certificate" (see 7.3.2.2.2; 7.3.2.2 of the 2005 edition);
m) Added the revocation status check method for authorized responders in a lightweight OCSP environment [see 7.3.2.2.3 d)];
n) Added "7.3.2.3 Basic Response" and clarified that the ResponderID field corresponds to the OCSP responder signing certificate (see 7.3.2.3);
o) Added requirements for the OCSPResponse structure in lightweight OCSP responses [see 7.3.2.3 e)];
p) Added "7.3.2.2.4 Certificate Status Release" to describe the standards that OCSP responders should follow to obtain certificate status (see 7.3.2.2.4);
q) Deleted the mandatory cryptographic algorithms and optional cryptographic algorithms (see 7.4 of the 2005 edition);
r) Changed the ASN.1 syntax of Nonce and specified the length range of Nonce (see 7.4.2; 7.5.1 of the 2005 edition);
s) Changed the standards that CRL entry extensions should follow (see 7.4.6; 7.5.5 of the 2005 edition);
t) Added a "Preferred Signature Algorithm" extension that can be included in a request message to specify the signature algorithm that the requester wants the responder to use. The signature algorithm used is SM3WithSM2 (see 7.4.8);
u) Added the "Extended Revocation Definitions" extension, which indicates that the responder supports the extended use of the "revoked" response (see 7.4.9);
v) Changed the ASN.1 module using the ASN.1:2008 syntax to add support for the use of the SM2 and SM3 algorithms (see Appendix A; Appendix B of the 2005 edition); added the syntax specification of lightweight OCSP ASN.1, with support for the use of the SM2 and SM3 algorithms (see Appendix A);
w) Added the lightweight OCSP request and response structure (see Appendix B.2);
x) Moved "Safety Considerations" from the main text to Appendix D, and supplemented and improved the content (see Appendix D; Chapter 8 of the 2005 edition).

Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume responsibility for identifying patents.

This document was proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260).

This document was drafted by: Puhua Integrity Information Technology Co., Ltd., Shanghai Information Security Infrastructure Research Center Co., Ltd., Shanghai Digital Certificate Authority Co., Ltd., Beijing Digital Certification Co., Ltd., Zhengzhou Xindajiean Information Technology Co., Ltd., Shenzhen E-commerce Security Certificate Management Co., Ltd., China Electronics Technology Network Security Technology Co., Ltd., Henan Golden Shield Information Security Testing and Evaluation Co., Ltd. Evaluation Center Co., Ltd., National Cryptography Administration Commercial Cryptography Testing Center, Geer Software Co., Ltd., 360 Digital Security Technology Group Co., Ltd., Digital Security Era Technology Co., Ltd., and Huawei Technologies Co., Ltd.

The main drafters of this document are: Liang Zuoquan, Gu Qing, Tian Wenjin, Wang Yahong, Feng Sifeng, Gao Wuxing, Zhang Ziming, Fu Lili, Wang Zhiwei, Huang Chenghang, Zhao Yanhong, Shi Shaobo, Chen Luoqi, Zhao Yingxia, Zhang Yongqiang, Liu Weihua, Zheng Huitao, Yue Xiaoyang, Liang Hong, Zhang Shaobo, Zheng Qiang, Zhang Zhilei, Du Zhiqiang, Zeng Guang.

The previous versions of this document and the documents it replaces are as follows:
- First published in 2005 as GB/T 19713-2005;
- This is the first revision.

Cybersecurity technology - Public key infrastructure - Online certificate status protocol

1 Scope

This document provides a mechanism for querying the status of digital certificates without requesting a Certificate Revocation List (CRL), namely the Online Certificate Status Protocol, including the protocol content and syntax specifications of the Online Certificate Status Protocol.

This document is applicable to the construction of public key infrastructure and security applications based on the online certificate status protocol.

2 Normative references

The contents of the following documents constitute essential clauses of this document through normative references in this document. For referenced documents with a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to this document.
GB/T 16263.1 Information technology - ASN.1 encoding rules - Part 1: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)
GB/T 19714-2005 Information technology - Security technology - Public key infrastructure - Certificate management protocol
GB/T 20518-2018 Information security technology - Public key infrastructure - Digital certificate format
GB/T 25069 Information security technology - Terminology
GB/T 32915 Information security technology - Binary sequence randomness detection method
GB/T 33560-2017 Information security technology - Cryptographic application identification specification
GB/T 35276-2017 Information security technology - SM2 cryptographic algorithm usage specification

3 Terms and definitions

The terms and definitions defined in GB/T 25069 and the following apply to this document.

3.1 requester
The entity or device that applies for the online certificate status query service.

3.2 responder
An entity or device that provides online certificate status query services.

3.3 online certificate status protocol; OCSP
A protocol for querying the status of digital certificates without requesting a Certificate Revocation List (CRL).

4 Abbreviations

The following abbreviations apply to this document.

CA: Certification Authority
......