Chapter 5: Standards and Organizations

A great many standards have been created covering SSL and PKI and, as is often the way with new areas, some of these standards are rivals or at least alternatives. This chapter briefly introduces the standards referred to in the coming chapters, and the organizations behind these standards.

X.509

The most important standard for PKIs is X.509, which defines the format and content of digital certificates and how to validate them. It is an International Telecommunication Union (ITU) Recommendation, published as ITU-T X.509 and ISO/IEC/ITU 9594-8.

Standards are still evolving, and different companies have implemented X.509 in different ways. For example, Netscape and Microsoft both use X.509 certificates in their Web servers and browsers, but an X.509 certificate created by Netscape may not be readable by Microsoft products, and vice versa.

PKCS Standards

There is a set of de facto cryptographic message standards called Public Key Cryptography Standards (PKCS), which were originally developed and are still maintained by RSA Laboratories. (For more detailed information, see the Web page at RSA Laboratories.)

The standards that are most relevant to PKI are:


Copyright © 2009 Micro Focus (IP) Ltd. All rights reserved.