Out-of-Band Certificate and Key Identifier Protocol (OCKID)
VPN Consortium
In general, certificates need not be conveyed over communication or storage media that are integrity-protected or authenticated. This is because certificates are digitally signed, and users are expected to validate the signatures using configured trust anchors. However, distributing trust anchor certificates, self-signed end-entity certificates, or bare (unsigned) public keys requires a mechanism for establishing the authenticity of the certificate or public key.
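The check below illustrates the point above and is an added example, not text or code from the OCKID specification. A trust anchor, self-signed certificate or bare key that arrives over an unauthenticated medium is installed only if its digest matches an identifier received over a separate channel. The SHA-256 digest, the grouped-hex presentation and all function names are assumptions made for this sketch, not the identifier format OCKID defines.

```python
import hashlib
import hmac

DIGEST_HEX_LEN = hashlib.sha256().digest_size * 2  # 64 hex characters


def make_identifier(der: bytes) -> str:
    """Digest the exact encoded object; group the hex so it can be read aloud.
    Assumed presentation, not the OCKID format."""
    h = hashlib.sha256(der).hexdigest().upper()
    return "-".join(h[i:i + 4] for i in range(0, len(h), 4))


def normalize(identifier: str) -> str:
    """Drop separators and case differences introduced by retyping."""
    return "".join(c for c in identifier if c.isalnum()).lower()


def accept_object(der: bytes, oob_identifier: str, store: dict, name: str) -> bool:
    """Install der under name only if it matches the identifier that arrived
    over the separate channel (phone call, printed sheet, signed mail)."""
    claimed = normalize(oob_identifier)
    # A shortened identifier is refused rather than prefix-matched: comparing
    # only a few leading characters makes a matching substitute cheap to find.
    if len(claimed) != DIGEST_HEX_LEN:
        return False
    actual = hashlib.sha256(der).hexdigest()
    if not hmac.compare_digest(actual.encode(), claimed.encode()):
        return False
    store[name] = der
    return True


# Constructed stand-ins for two DER-encoded self-signed certificates with the
# same subject name but different keys. A self-signature would verify on both,
# so signature validation alone cannot tell them apart.
GENUINE = b"constructed-DER: CN=Example Root, key=A"
SUBSTITUTE = b"constructed-DER: CN=Example Root, key=B"

if __name__ == "__main__":
    store = {}
    oob = make_identifier(GENUINE)  # value the issuer communicates out of band
    print("substitute accepted:", accept_object(SUBSTITUTE, oob, store, "root"))
    print("genuine accepted:", accept_object(GENUINE, oob.lower(), store, "root"))
    print("truncated id accepted:", accept_object(GENUINE, oob[:9], store, "x"))
```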