certificate
... Internet
Public Key Infrastructure certificates to convey Key Exchange
Algorithm (KEA) keys. This specification is an addendum to RFC 2459(-> 3280prop),
...
...
The goal is to augment the X.509 certificate profile presented in
Part 1 to facilitate the management ...
... profile does not prohibit the use of an X.500 Directory,
but other means of distributing certificates and certificate
revocation lists (CRLs) are supported.
...
... authorization functions. Support for these
services determines the attributes contained in the certificate as
well as the ancillary control information in the certificate such as
...
... services determines the attributes contained in the certificate as
well as the ancillary control information in the certificate such as
policy data and certification path constraints ...
...
...
The goal of this document is to profile KEA certificates, specifying
the contents and semantics of attributes which were not fully
...
... PKI are people and processes who use client
software and are the subjects named in certificates. These uses
include readers and writers of electronic mail, the clients ...
... root keys, rules), explicit platform usage constraints within
the certificate, certification path constraints which shield the user
...
... constraints within
the certificate, certification path constraints which shield the user
from many malicious actions, and applications which sensibly automate
...
... PKI profile is structured to support the
individuals who generally operate Certification Authorities (CAs).
Providing administrators ...
... data formats which may
be used with [RFC2459] to describe X.509 certificates containing a
KEA public key. Conforming CAs ...
... CAs are required to use the object
identifiers and data formats when issuing KEA certificates.
Conforming applications shall recognize the object identifiers and
...
...
The certificate identifies the KEA algorithm, conveys optional
parameters, and specifies the KEA public key ...
... algorithm identifier and the subjectPublicKey field.
The certificate indicates the algorithm through an algorithm
identifier. This algorithm identifier ...
... Conforming CAs shall use the identified OID when issuing certificates
containing public keys for the KEA algorithm ...
... identified in section 3.1.1.
The certificate conveys the KEA public key through the
subjectPublicKey field. This subjectPublicKey field is a BIT STRING ...
... CAs shall encode the KEA public key as
described in Section 3.1.2 when issuing certificates containing
public keys for the KEA algorithm ...
... public keys were generated with the same KEA parameters. The KEA
parameters are not included in a certificate; instead a "domain
identifier" is supplied in the parameters field.
...
... CAs shall populate the parameters field of the AlgorithmIdentifier
within the subjectPublicKeyInfo field of each certificate containing
a KEA public key with an 80-bit ...
... Key Usage Extension in KEA certificates ...
...
The key usage extension may optionally appear in a KEA certificate.
If a KEA certificate includes the keyUsage extension, only the
...
... key usage extension may optionally appear in a KEA certificate.
If a KEA certificate includes the keyUsage extension, only the
following values may be asserted:
...
... Internet X.509 Public Key Infrastructure: X.509 Certificate and CRL Profile", RFC 2459(-> 3280prop) ...
... This specification is devoted to the format and encoding of KEA keys
in X.509 certificates. Since certificates are digitally signed, no
additional integrity service ...
... encoding of KEA keys
in X.509 certificates. Since certificates are digitally signed, no
additional integrity service is necessary. Certificates ...
... certificates are digitally signed, no
additional integrity service is necessary. Certificates need not be
kept secret, and unrestricted and anonymous access to certificates
...
... integrity service is necessary. Certificates need not be
kept secret, and unrestricted and anonymous access to certificates
and CRLs has no security implications ...
... However, security factors outside the scope of this specification
will affect the assurance provided to certificate users. This
section highlights critical issues that should be considered by
...
... identity of their public key greatly affect the
assurance that should be placed in the certificate. Relying parties
may wish to review the CA's certificate ...
... certificate. Relying parties
may wish to review the CA's certificate practice statement.
The protection afforded private keys ...
... The availability and freshness of revocation information will affect
the degree of assurance that should be placed in a certificate.
While certificates ...
... certificate.
While certificates expire naturally, events may occur during its
natural lifetime which negate the binding ...
... decision as it ultimately determines the trust afforded a
certificate. The authenticated distribution of trusted CA public
keys ...
... authenticated distribution of trusted CA public
keys (usually in the form of a "self-signed" certificate) is a
security critical ...
... PKI emerges.
The quality of implementations that process certificates may also
affect the degree of assurance provided. The path validation
...
... private key, an attacker could trick
the user into accepting false certificates.
The binding ...
