PKI and digital certification infrastructure

Secure VPN technology is only possible with the use of appropriate security mechanisms such as encryption, digital signatures, digital certificates, public/private key pairs, non-repudiation, and time-stamping. A PKI comprises a system of certificates, certificate authorities, subjects, relying parties, registration authorities, and key repositories that provides for safe and reliable communications. This paper discusses these key technologies, focusing particularly on standardisation, and looks at some of the challenges that remain before PKI is widely deployed in industry.
