Internet X.509 Certificate Request Message Format

Myers, Michael; Adams, Carlisle; Solo, D.; Kemp, Duncan

doi:10.17487/rfc2511

Cited by 39 publications

(16 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The modification process is started with the creation of a certificate request [10] keeping the same public key of the old certificate. However, some other fields must also be kept unchanged to ensure the path construction and validation [7,9] for the new certificate.…”

Section: Certificate Replacementmentioning

confidence: 99%

Good practices for Long-Term Key Management in a Public Key Infrastructure

Carlos

Custódio

Sutil

2008

2008 11th IEEE International Conference on Computational Science and Engineering - Workshops

View full text Add to dashboard Cite

Optimal PKI life cycle management depends directly on the strategy to deal with the update and replacement of CA certificates and CA private keys. To reach optimal strategy, it is necessary to develop methods that the replacement is executed to match the specific needs of each PKI. Only one strategy is defined in RFC 4210, but real PKIs need a variety of different strategies. This paper classifies these strategies and presents the corresponding procedures to replace certificates and private keys.

show abstract

Section: Certificate Replacementmentioning

confidence: 99%

Good practices for Long-Term Key Management in a Public Key Infrastructure

Carlos

Custódio

Sutil

2008

2008 11th IEEE International Conference on Computational Science and Engineering - Workshops

View full text Add to dashboard Cite

show abstract

“…Communications between the EE, RA, and CA are driven by the standard Certificate Management Protocol (CMP), 20 which is in turn based on the syntax defined by the Certificate Re- quest Message Format (CRMF). 21 It is worth noting that, although not widely adopted, certificate management over CMS (CMC) 22 is also a proposed IETF draft standard for a certificate life-cycle management protocol. CMS 23 (Cryptographic Message Syntax) is the IETF standard for a cryptographic enveloping technique for protecting messages.…”

Section: The Infrastructure Topologymentioning

confidence: 99%

The Internet public key infrastructure

Benantar¹

2001

IBM Syst. J.

View full text Add to dashboard Cite

Long before the advent of electronic systems, different methods of information scrambling were used. Early attempts at data security in electronic computers employed some of the same transformations. Modern secret key cryptography brought much greater security, but eventually proved vulnerable to brute-force attacks. Public key cryptography has now emerged as the core technology for modern computing security systems. By associating a public key with a private key, many of the key distribution problems of earlier systems are avoided. The Internet public key infrastructure provides the secure digital certification required to establish a network of trust for public commerce. This paper explores the details of the infrastructure. P ublic key cryptography has emerged as a core technology and has been adopted in many modern computing security systems. The concept of related private and public key pairs is probably its most appealing aspect. The notion that one cryptographic operation-encryption-can be performed using one key from the pair, while the reverse transformation can only be computed using the other key in the pair, is indeed a giant step toward solving the secret key distribution problem. The proliferation of public cryptographic keys, on the other hand, needs to be achieved in a controlled fashion to ensure that public keys are securely bound to legitimate entities. The Internet public key infrastructure defines secure digital certification for public keys. This paper explores the details of this infrastructure. We begin with an overview of secret key cryptography; we then introduce the secret key distribution problem and explain how public key cryptography contributes to its resolution. Subsequently, we discuss the foundations of the Internet public key certification, the reasons it is needed, and its defining components.

show abstract

“…2. Our certificate request was designed to conform with the X.509 CRMF standard [15] and is shown below. A node chooses a serving coalition of the k least costly (in terms of hop count) shareholders it is aware of, and sends a CREQ (Certificate Request) message to these serving nodes.…”

Section: Figure 2 Creq Dispatch To Shareholdersmentioning

confidence: 99%

Implementing a fully distributed certificate authority in an OLSR MANET

Dhillon¹,

Randhawa²,

Wang³

et al.

2004 IEEE Wireless Communications and Networking Conference (IEEE Cat. No.04TH8733)

View full text Add to dashboard Cite

OLSR (Optimal Link State Routing) is one of the four base routing protocols being considered for use with MANETs (Mobile Ad hoc Networks) by the IETF's MANET working group. OLSR belongs to the proactive class of routing protocols in which the connection setup delay is minimized at the expense of heavier control traffic load on the wireless channel. Existing IETF draft proposals on OLSR do not yet address security issues. Although a PKI (Public Key Infrastructure) based security is deemed more appropriate for MANETs including OLSR MANETs, care should be taken to ensure that such an infrastructure does not add to the already heavy control traffic load in OLSR and, as much as possible, the existing OLSR control packets are utilized to support such infrastructures as well. In this paper we describe our approach in which a PKI is tightly coupled with an OLSR MANET at the network layer level and the OLSR control packets are leveraged to support various security related activities as well. We have implemented a fully distributed CA (Certificate Authority) and integrated it with an existing implementation of OLSRv4 (OLSR for IP version 4). Intricate details of our implementation are presented to develop insight into key aspects of the proposed solution.

show abstract

Internet X.509 Certificate Request Message Format

Cited by 39 publications

References 0 publications

Good practices for Long-Term Key Management in a Public Key Infrastructure

Good practices for Long-Term Key Management in a Public Key Infrastructure

The Internet public key infrastructure

Implementing a fully distributed certificate authority in an OLSR MANET

Contact Info

Product

Resources

About