pkix.htm

The Open–source PKI Book Version 2.4.6 Edition Copyright &copy 1999, 2000 by Symeon (Simos) Xenite

<HTML
><HEAD
><TITLE
>Internet X.509 Public Key Infrastructure (PKIX)</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.55"><LINK
REL="HOME"
TITLE="The Open&#8211;source PKI Book"
HREF="ospki-book.htm"><LINK
REL="PREVIOUS"
TITLE="The NIST Public Key Infrastructure Program"
HREF="fpki.htm"><LINK
REL="NEXT"
TITLE="Concepts"
HREF="pkix-concepts.htm"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The Open&#8211;source PKI Book: A guide to PKIs and Open&#8211;source Implementations</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="fpki.htm"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="pkix-concepts.htm"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="PKIX"
>Chapter 6. Internet X.509 Public Key Infrastructure (PKIX)</A
></H1
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
><A
HREF="pkix.htm#PKIX-ABBREVIATIONS"
>Abbreviations</A
></DT
><DT
><A
HREF="pkix-concepts.htm"
>Concepts</A
></DT
><DT
><A
HREF="pkix-overview.htm"
>Overview of the PKIX approach</A
></DT
></DL
></DIV
><P
>  In this chapter, we shall provide an informal introduction to the 
  <SPAN
CLASS="ACRONYM"
>PKIX</SPAN
> Internet Standards which are being developed
  by the <A
HREF="http://www.ietf.org/html.charters/pkix-charter.html"
TARGET="_top"
>  <SPAN
CLASS="ACRONYM"
>PKIX</SPAN
> Working Group</A
>.
  </P
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="PKIX-ABBREVIATIONS"
>Abbreviations</A
></H1
><P
>  To avoid confusion regarding the PKIX terminology, we include the
  list of terms as they are found in the PKIX document
  <TT
CLASS="FILENAME"
>draft-ietf-pkix-roadmap-05</TT
>.
  Their full explanation can be found at the Glossary.

  <DIV
CLASS="TABLE"
><P
><B
>Table 6-1. PKIX Terms</B
></P
><TABLE
BORDER="1"
CLASS="CALSTABLE"
><THEAD
><TR
><TH
ALIGN="LEFT"
VALIGN="TOP"
>Term</TH
><TH
ALIGN="LEFT"
VALIGN="TOP"
>Abbreviation</TH
></TR
></THEAD
><TBODY
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Attribute Authority</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><SPAN
CLASS="ACRONYM"
>AA</SPAN
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Attribute Certificate</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><SPAN
CLASS="ACRONYM"
>AC</SPAN
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Certificate</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
>&nbsp;</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Certification Authority</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><SPAN
CLASS="ACRONYM"
>CA</SPAN
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Certificate Policy</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><SPAN
CLASS="ACRONYM"
>CP</SPAN
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Certification Practice Statement</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><SPAN
CLASS="ACRONYM"
>CPS</SPAN
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>End&#8211;Entity</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><SPAN
CLASS="ACRONYM"
>EE</SPAN
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Public Key Certificate</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><SPAN
CLASS="ACRONYM"
>PKC</SPAN
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Public Key Infrastructure</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><SPAN
CLASS="ACRONYM"
>PKI</SPAN
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Privilege Management Infrastructure</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><SPAN
CLASS="ACRONYM"
>PMI</SPAN
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Registration Authority</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><SPAN
CLASS="ACRONYM"
>RA</SPAN
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Relying Party</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
>&nbsp;</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Root CA</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
>&nbsp;</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Subordinate CA</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
>&nbsp;</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Subject</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
>&nbsp;</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Top CA</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
>&nbsp;</TD
></TR
></TBODY
></TABLE
></DIV
></P
><P
>  With regard to the term <SPAN
CLASS="ACRONYM"
>X.509</SPAN
>, it comes from the
  <SPAN
CLASS="ACRONYM"
>X.500</SPAN
> specification on directory services.
  The directory services serve as a kind of electronic phonebook, where
  enabled applications can lookup included entities. Each entity has
  a identifying record or Certificate and the format of that Certificate follows
  the recommendation X.509 of the International Telecommunication Union
  (<SPAN
CLASS="ACRONYM"
>ITU</SPAN
>). 
  </P
><P
>  X.500 itself is considered as too difficult to catch on, however, the
  X.509 format for certificates is used by succesive standards. 
  For more information on X.500, one can read the online book
  entitiled <A
HREF="http://www.salford.ac.uk/its024/X500.htm"
TARGET="_top"
>  Understanding X.500 &#8211; The Directory</A
> by D.W.Chadwick.
  </P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="fpki.htm"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="ospki-book.htm"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="pkix-concepts.htm"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>The NIST Public Key Infrastructure Program</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Concepts</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>