{"draft":"draft-ietf-lamps-norevavail-04","doc_id":"RFC9608","title":"No Revocation Available for X.509 Public Key Certificates","authors":["R. Housley","T. Okubo","J. Mandel"],"format":["HTML","TEXT","PDF","XML"],"page_count":"10","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Limited Additional Mechanisms for PKIX and SMIME","abstract":"X.509v3 public key certificates are profiled in RFC 5280. \r\nShort-lived certificates are seeing greater use in the Internet.  The\r\nCertification Authority (CA) that issues these short-lived\r\ncertificates do not publish revocation information because the\r\ncertificate lifespan that is shorter than the time needed to detect,\r\nreport, and distribute revocation information.  Some long-lived\r\nX.509v3 public key certificates never expire, and they are never\r\nrevoked.  This specification defines the noRevAvail certificate\r\nextension so that a relying party can readily determine that the CA\r\ndoes not publish revocation information for the certificate, and it\r\nupdates the certification path validation algorithm defined in RFC\r\n5280 so that revocation checking is skipped when the noRevAvail\r\ncertificate extension is present.","pub_date":"June 2024","keywords":[],"obsoletes":[],"obsoleted_by":[],"updates":["RFC5280"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9608","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc9608"}