Excalidraw Data
Text Elements
Participants: Browser, Web_Server, OCSP_Responder, Certificate_Authority (CA)
(1) Maintain Certificate Revocation List (CRL)
(2) Request CRL
(3) Provide CRL (on request)
(4) Check if certificate is revoked
alt
    (5) [If certificate is revoked] Reject certificate
    (6) [If certificate is valid] Proceed with secure connection
(7) Request certificate status
(8) Fetch latest revocation info
(9) Provide certificate status
(10) Respond with status (Good/Revoked/Unknown)
alt
    (11) [If certificate is revoked] Reject certificate
    (12) [If certificate is valid] Proceed with secure connection
(13) Periodically request certificate status
(14) Provide signed time-stamped response
(15) Send pre-fetched OCSP response
(16) Verify response and establish secure connection
Cryptographic Algorithms
Symmetric Encryption
    Single Key: Same key for encryption & decryption
    Fast but requires secure key sharing
    Examples: DES, 3DES, AES, Blowfish, IDEA, RC
    Weakness: Key distribution problem (Solved by: Asymmetric Encryption)
Asymmetric Encryption
    Two Keys: Public & Private Key Pair
    Slower but more secure key sharing
    Examples: RSA, ECC, Diffie-Hellman
    Strength: No need to share a secret key
OSI Model
Mnemonic
Away - Application Layer
Pizza - Presentation Layer
Spinach - Session Layer
Throw - Transport Layer
Not - Network Layer
Do - Data Link Layer
Please - Physical Layer
Application Layer 7
Presentation Layer 6
Session Layer 5
Transport Layer 4
Network Layer 3
Data Link Layer 2
Physical Layer 1