[x500standard] Re: X.509 Summary for next (2016) edition

  • From: David Chadwick <d.w.chadwick@xxxxxxxxxx>
  • To: x500standard@xxxxxxxxxxxxx, SG17-Q11 <T13sg17q11@xxxxxxxxxxxxx>
  • Date: Mon, 14 Oct 2013 12:13:15 +0100

The only change I would make is to the first sentence to make it grammatically correct:


a framework for public-key infrastructures (PKI) and privilege management infrastructures (PMI).

regards

david

On 14/10/2013 11:14, Erik Andersen wrote:
Hi folks,

It has been decided to make X.509 a pure PKI/PMI specification moving
pure directory stuff to other parts (X.511 and X.520). That includes
Password Policy. This requires the Summary to be updated.

The old Summary is:

Recommendation ITU-T X.509 | ISO/IEC 9594-8 defines a framework for
public-key certificates and attribute certificates. These frameworks may
be used by other standards bodies to profile their application to Public
Key Infrastructures (PKI) and Privilege Management Infrastructures
(PMI). Also, this Recommendation | International Standard defines a
framework for the provision of authentication services by Directory to
its users. It describes two levels of authentication: simple
authentication, using a password as a verification of claimed identity;
and strong authentication, involving credentials formed using
cryptographic techniques. While simple authentication offers some
limited protection against unauthorized access, only strong
authentication should be used as the basis for providing secure services.

A first draft for a new summary is proposed here:

Recommendation ITU-T X.509 | ISO/IEC 9594-8 defines frameworks for
public-key infrastructure (PKI) and privilege management infrastructure
(PMI). It introduces the basic concept of asymmetric cryptographic
techniques. It specifies the following data types: public-key
certificate, attribute certificate, certificate revocation list (CRL)
and attribute certificate revocation list (ACRL). It also defines
several certificate and CRL extensions, and it defines directory schema
information allowing PKI and PMI related data to be stored in a
directory. In addition, it defines PKI entity types, such as
certification authority (CA), attribute authority (AA), relying party,
trust broker and trust anchor. It specifies the principles for
certificate validation, validation path, certificate policy, etc.

Please comment. Any suggestion is welcome.

Regards,

Erik

-----
www.x500standard.com: The central source for information on the X.500 Directory 
Standard.
