OpenValidation.org
strives to document the security of the various Trust Centers.
While we do not have the resources to conduct audits ourselves, we
want to give all Trust Centers the possibility to present all the
documents describing their CA-specific security to a public audience.
These documents include Certificate Practice Statements, audit reports
and proofs of completed security certifications and audits.
This documentation can be used to judge the security of certificates
issued by this CA. For clients
able to interpret SyTrust's proprietary OCSP extension describing
the certificate quality, we apply the following rating schema:
Initially every CA is rated at 0 points. This is modified
by the additional information available.
Certificate Practice Statement:
If the CA discloses a CPS to the public, this will add 10 points. If this
CPS roughly conforms to RFC
2527 and covers most (>90%) of the topics mentioned there,
this will add another 10 points.
Audits:
If a CA discloses a valid "WebTrust
for Certification Authorities" audit report this will add
another 35 points.
Face to Face Registration Process:
If a CA issues certificates only based on the personal (physical)
presence of the requestor before any trustworthy third party (e.g.
employee of the Trust Center, notary public or other similar official)
and this third party checks a well-recognized form of government-issued
identification (e.g. passport, driver's license), this will
add another 20 points.
Fast Revocation Process:
If a CA offers an OCSP Responder or issues CRLs with a validity
period below 24 hours, this will add another 10 points.
The maximum value therefore is 85.