[x500standard] SV: [T17Q11] X.509 Summary for next (2016) edition

  • From: "Erik Andersen" <era@xxxxxxx>
  • To: <tony@xxxxxxxxxxxxx>, "'Directory list'" <x500standard@xxxxxxxxxxxxx>, "'SG17-Q11'" <T13sg17q11@xxxxxxxxxxxxx>
  • Date: Mon, 14 Oct 2013 14:39:14 +0200

Hi Tony,


Thanks for your comments. Certainly, the concept of trust broker will have
to be removed if the trust broker concept is eventually rejected.


As to your last points, this sentence could be retained.


Erik 


From: Tony Rutkowski [mailto:tony@xxxxxxxxxxxxx]
Sent: 14 October 2013 14:06
To: Erik Andersen; Directory list; SG17-Q11
Subject: Re: [T17Q11] X.509 Summary for next (2016) edition


This revised summary clearly reflects a profound 
change in scope and concept by introducing and
defining a "trust broker," as well as moving away
from X.509's relatively narrow purpose by your
eliminating the sentence "these frameworks may 
be used by other standards bodies to profile their 
application to Public Key Infrastructures (PKI) 
and Privilege Management Infrastructures (PMI)."

Who is seeking these changes? Who made the 
decision?

--tony

On 10/14/2013 6:14 AM, Erik Andersen wrote:

Hi folks,

It has been decided to make X.509 a pure PKI/PMI specification, moving pure
directory stuff to other parts (X.511 and X.520). That includes Password
Policy. This requires the Summary to be updated.

The old Summary is:

Recommendation ITU-T X.509 | ISO/IEC 9594-8 defines a framework for
public-key certificates and attribute certificates. These frameworks may be
used by other standards bodies to profile their application to Public Key
Infrastructures (PKI) and Privilege Management Infrastructures (PMI). Also,
this Recommendation | International Standard defines a framework for the
provision of authentication services by Directory to its users. It describes
two levels of authentication: simple authentication, using a password as a
verification of claimed identity; and strong authentication, involving
credentials formed using cryptographic techniques. While simple
authentication offers some limited protection against unauthorized access,
only strong authentication should be used as the basis for providing secure
services.

A first draft for a new summary is proposed here:

Recommendation ITU-T X.509 | ISO/IEC 9594-8 defines frameworks for
public-key infrastructure (PKI) and privilege management infrastructure
(PMI). It introduces the basic concept of asymmetric cryptographic
techniques. It specifies the following data types: public-key certificate,
attribute certificate, certificate revocation list (CRL) and attribute
certificate revocation list (ACRL). It also defines several certificate and
CRL extensions, and it defines directory schema information allowing PKI and
PMI related data to be stored in a directory. In addition, it defines PKI
entity types, such as certification authority (CA), attribute authority
(AA), relying party, trust broker and trust anchor. It specifies the
principles for certificate validation, validation path, certificate policy,
etc.

Please comment. Any suggestion is welcome.

Regards,


Erik
