Internet X.509 Public Key Infrastructure: Qualified Certificates Profile

Santesson, Stefan; Polk, Tim; Barzin, P.; Nyström, Magnus

doi:10.17487/rfc3739

Cited by 15 publications

(6 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Qualified Certificates (QC) are defined in RFC 3039 [14] and the "qualified status" is specifically tied to "applicable governing law" in a way similar to our RealName proposal. The goals of the two schemes are disjoint.…”

Section: Qualified Certificatementioning

confidence: 99%

Authenticated names

Chow¹,

Gustave²,

Vinokurov³

2008

Proceedings of the 2007 Workshop on New Security Paradigms

View full text Add to dashboard Cite

Currently, most means of communication include some form of identification of the sender/originator, but none of these identifications are securely authenticated (at least not conveniently or in wide use). Legitimate business entities can be misrepresented by their name, and this creates opportunities for various scams known as phishing. We propose a new end-to-end authentication scheme that can be used to authenticate companies over many means of communication including telephony, email, web, and Instant Messaging. The framework is flexible and gives concerned legitimate institutions the ability to delegate their authenticated names to employees outside the office as well as outsourcing companies. Categories and Subject DescriptorsK.6.5 [Management of computing and information systems]:

show abstract

Section: Qualified Certificatementioning

confidence: 99%

Authenticated names

Chow¹,

Gustave²,

Vinokurov³

2008

Proceedings of the 2007 Workshop on New Security Paradigms

View full text Add to dashboard Cite

show abstract

“…If such a certificate needs to conform to a certificate profile such as [RFC3739], then this certificate may have to use a separate set of attributes to express the subject identity. The certificate also may have to employ a format for attribute values that is different from the set of attributes obtained from the SAML assertion.…”

Section: Introductionmentioning

confidence: 99%

Authentication Context Certificate Extension

Santesson¹

2016

Self Cite

View full text Add to dashboard Cite

This document defines an extension to X.509 certificates. The extension defined in this document holds data about how the certificate subject was authenticated by the Certification Authority that issued the certificate in which this extension appears.This document also defines one data structure for inclusion in this extension. The data structure is designed to hold information when the subject is authenticated using a Security Assertion Markup Language (SAML) assertion. Status of This MemoThis is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7773.

show abstract

“…For example, the IdP does not have sufficient information to judge whether a tamper-resistant IC card with digital signature function is used at the Claimant or not. It is true that a private key stored in a tamperresistant IC card can be distinguished with the qualified certificate specified in RFC 3739 [16] with the qualified certificate statement 5.2.4 in ETSI TS 101 862 [3] which is for secure signature-creation devices with the conditions in Annex III of Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures [4]. But the purpose of X.509 certificate itself is to describe the attributes of the user and his/her public key.…”

Section: Introductionmentioning

confidence: 99%