[x500standard] X.509 Summary for next (2016) edition

  • From: "Erik Andersen" <era@xxxxxxx>
  • To: "Directory list" <x500standard@xxxxxxxxxxxxx>, "SG17-Q11" <T13sg17q11@xxxxxxxxxxxxx>
  • Date: Mon, 14 Oct 2013 12:14:27 +0200

Hi folks,

It has been decided to make X.509 a pure PKI/PMI specification, moving pure
directory stuff to other parts (X.511 and X.520). That includes Password
Policy. This requires the Summary to be updated.

The old Summary is:

Recommendation ITU-T X.509 | ISO/IEC 9594-8 defines a framework for
public-key certificates and attribute certificates. These frameworks may be
used by other standards bodies to profile their application to Public Key
Infrastructures (PKI) and Privilege Management Infrastructures (PMI). Also,
this Recommendation | International Standard defines a framework for the
provision of authentication services by Directory to its users. It describes
two levels of authentication: simple authentication, using a password as a
verification of claimed identity; and strong authentication, involving
credentials formed using cryptographic techniques. While simple
authentication offers some limited protection against unauthorized access,
only strong authentication should be used as the basis for providing secure
services.

A first draft for a new summary is proposed here:

Recommendation ITU-T X.509 | ISO/IEC 9594-8 defines frameworks for
public-key infrastructure (PKI) and privilege management infrastructure
(PMI). It introduces the basic concept of asymmetric cryptographic
techniques. It specifies the following data types: public-key certificate,
attribute certificate, certificate revocation list (CRL) and attribute
certificate revocation list (ACRL). It also defines several certificate and
CRL extensions, and it defines directory schema information allowing PKI and
PMI related data to be stored in a directory. In addition, it defines PKI
entity types, such as certification authority (CA), attribute authority
(AA), relying party, trust broker and trust anchor. It specifies the
principles for certificate validation, validation path, certificate policy,
etc.

Please comment. Any suggestion is welcome.

Regards,

Erik
