 |
About
Join
Governance
Members
Resources
White Papers
FAQ
IPR Policy
TC Process
Current TC List
PKI
OASIS
CGM Open
DCML
ebXML
LegalXML
UDDI
Cover Pages
XML.org
Sponsorship
|
|
| What follows is a comprehensive set of lists of applicable PKI standards.
|
| Notes: Standards tend to migrate from one body to another, as they
mature and become ratified and adopted by steadily bigger groups. Over time this
can lead to redundant standards documents. For instance, most of the RSA Laboratories'
PKCS series have been adopted by the IETF now; such standards can appear more
than once in the lists below. A nearly complete compendium of information security
standards was produced by APEC and is available from the Federal PKI Steering
Committe website: APEC
Standards Handbook. |
Important PKI Standards Organisations
|
|
The Major PKI Related RFCs
|
|
| The chair of the IETF's PKIX Working Group once named these as the most important
of their RFCs to do with public key security. All other PKI related RFCs are listed
further below. |
| RFC3820 - Internet
X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile |
| RFC2560 - X.509
Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP |
| RFC2527 - Internet
X.509 Public Key Infrastructure Certificate Policy and Certification Practices
Framework. Superseded by RFC 3647. |
| RFC3647 - Internet
X.509 Public Key Infrastructure Certificate Policy and Certification Practices
Framework. Supersedes RFC 2527. |
| RFC2511 - Internet
X.509 Certificate Request Message Format |
| RFC2797 - Certificate
Management Messages over CMS |
| RFC3039 - Internet
X.509 Public Key Infrastructure Qualified Certificates Profile |
| RFC3161 - Internet
X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) |
| RFC3281 - An
Internet Attribute Certificate Profile for Authorization |
| RFC2510 - Internet
X.509 Public Key Infrastructure Certificate Management Protocols |
| RFC2585 - Internet
X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP |
| RFC2587 - Internet
X.509 Public Key Infrastructure LDAPv2 Schema |
Other Cryptography Related RFCs
|
|
| RFC3779 - X.509
Extensions for IP Addresses and AS Identifiers |
| BCP0086 - Determining
Strengths For Public Keys Used For Exchanging Symmetric Keys |
| RFC3739 - Internet
X.509 Public Key Infrastructure: Qualified Certificates Profile |
| RFC3709 - Internet
X.509 Public Key Infrastructure: Logotypes in X.509 Certificates |
| RFC3647 - Internet
X.509 Public Key Infrastructure Certificate Policy and Certification Practices
Framework |
| RFC3628 - Policy
Requirements for Time-Stamping Authorities (TSAs) |
| RFC3447 - Public-Key
Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1
|
| RFC3379 - Delegated
Path Validation and Delegated Path Discovery Protocol Requirements |
| RFC3280 - Internet
X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL)
Profile |
| RFC3279 - Algorithms
and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile |
| RFC3278 - Use
of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax
(CMS) |
| RFC3029 - Internet
X.509 Public Key Infrastructure Data Validation and Certification Server Protocols
|
| RFC2986 - PKCS
#10: Certification Request Syntax Specification Version 1.7 |
| RFC2985 - PKCS
#9: Selected Object Classes and Attribute Types Version 2.0 |
| RFC2898 - PKCS
#5: Password-Based Cryptography Specification Version 2.0 |
| RFC2847 - LIPKEY
- A Low Infrastructure Public Key Mechanism Using SPKM |
| RFC2693 - SPKI
Certificate Theory |
| RFC2692 - SPKI
Requirements |
| RFC2559 - Internet
X.509 Public Key Infrastructure Operational Protocols - LDAPv2 |
| RFC2528 - Internet
X.509 Public Key Infrastructure Representation of Key Exchange Algorithm (KEA)
Keys in Internet X.509 Certificates |
| RFC2510 - Internet
X.509 Public Key Infrastructure Certificate Management Protocols |
| RFC2459 - Internet
X.509 Public Key Infrastructure Certificate and CRL Profile |
| RFC2437 - PKCS
#1: RSA Cryptography Specifications Version 2.0 |
| RFC2314 - PKCS
#10: Certification Request Syntax Version 1.5 |
| RFC2313 - PKCS
#1: RSA Encryption Version 1.5 |
| RFC2025 - The
Simple Public-Key GSS-API Mechanism (SPKM) |
| RFC1824 - The
Exponential Security System TESS: An Identity-Based Cryptographic Protocol for
Authenticated Key-Exchange (E.I.S.S.-Report 1995/4) |
Other Security and Crypto Standards
|
|
ANSI Financial Industry PKI Standards
|
|
| X9.30
Part 1:1997 - Public Key Cryptography Using Irreversible Algorithm: Digital
Signature Algorithm (DSA) |
| X9.30
Part 2:1997 - Public Key Cryptography Using Irreversible Algorithms for the
Financial Services Industry, Part 2: The Secure Hash Algorithm |
| X9.31:1998
- Digital Signatures Using Reversible Public Key Cryptography for the Financial
Services Industry (rDSA) |
| X9.42:2003
- Public Key Cryptography for Financial Services Industry: Agreement of Symmetric
Keys Using Discrete Logarithm Cryptography |
| X9.55:1997
- Certificate Extensions for Multi-Domain Operations |
| X9.57:1997
- Public Key Cryptography For the Financial Services Industry: Certificate Management
|
| X9.62:1998
- Public Key Cryptography: The Elliptic Curve Digital Signature Algorithm (ECDSA)
|
| X9.63:2001
- Key Agreement and Key Management Using Elliptic Curve-Based Cryptography |
| X9.68
Part 2:2001 - Digital Certificates for High Transaction Volume Financial Systems
|
| X9.69:1998
- Framework for Key Management Extensions |
| X9.73:2003
- Cryptographic Message Syntax |
| X9.79:2001
- PKI Practices and Policy Framework for the Financial Services Industry. Important
standard upon which WebTrust for CAs was developed. |
ANSI Financial Industry PKI Standards IN DEVELOPMENT
|
|
| X9.77:200X - Public Key Infrastructure
Protocols Withdrawn |
| X9.79
Part 2:200X - Protection Profiles for Certificate Issuing and Management Systems.
Committee Voting |
| X9.88:200X - Long Term Non-Repudiation
Using Digital SignaturesWithdrawn |
| X9.89-200X - Management Protocols
for Short CertificatesWithdrawn |
| ISO/CD
11568 - Financial services -- Key management (retail) Parts 1, 3, 4 and 5
|
| ISO
13491-1:1998 - Banking -- Secure cryptographic devices (retail) -- Part 1:
Concepts, requirements and evaluation methods |
| ISO
15782-1:2003 - Banking -- Certificate management for financial services --
Part 1: Public key certificates |
| ISO
15782-2:2001 - Banking -- Certificate management -- Part 2: Certificate extensions
|
| ISO/TS
17090-1:2002 - Health informatics -- Public key infrastructure -- Parts 1-3:
Framework and overview, Certificate profile, and Policy management of certification
authority |
| ISO/CD
21188 - Public key infrastructure for financial services -- Practices and
policy framework |
| The PKCS series of cryptographic standards is managed by RSA Security Inc.
The PKCS standards have moved beyond being proprietary and have equivalent standing
in most of the PKI community as IETF or IEEE standards. |
| PKCS #1
- RSA Cryptography Standard |
| PKCS #3
- Diffie-Hellman Key Agreement Standard |
| PKCS #5
- Password-Based Cryptography Standard |
| PKCS #6
- Extended-Certificate Syntax Standard |
| PKCS #7
- Cryptographic Message Syntax Standard |
| PKCS #8
- Private-Key Information Syntax Standard |
| PKCS #9
- Selected Attribute Types |
| PKCS #10
- Certification Request Syntax Standard |
| PKCS #11
- Cryptographic Token Interface Standard |
| PKCS #12
- Personal Information Exchange Syntax Standard |
| PKCS #13
- Elliptic Curve Cryptography Standard |
| PKCS #15
- Cryptographic Token Information Format Standard |
Smartcard Standards & Guidelines
|
|
European Electronic Signature Standards
|
|
| A comprehensive list of relevant standards including certificate profiles
is available at ETSI. See
also ETSI FAQ. |
| TS
101 862 v.1.3.1 - Qualified Certificate Profile, based on RFC 3679 X.509 Public
Key Infrastructure Qualified Certificates Profile |
| TS
101 903 v.1.2.2 - XML Advanced Electronic Signatures (XAdES); specifies the
XML format for Advanced Electronic Signatures satisfying the requirements defined
in the European Directive for Electronic Signatures. |
| IPSEC - A comprehensive list of IPSEC related RFCs and Internet Drafts
is available at the Working Group Home Page: IPSEC
Charter. See also Advanced Engineering Resources above. |
| SSL - SSL v3.0
Specification. See also Advanced Engineering Resources above. |
| TLS - RFC 2246 the TLS
Protocol Version 1.0. See also Advanced Engineering Resources above. |
| S/MIME - A comprehensive list of S/MIME related RFCs and Internet
Drafts is available at the Working Group Home Page: S/MIME
Home. Further links to related e-mail fundamentals (such as MIME, IMAP and
POP) are collected at Web
docs. See also Advanced Engineering Resources above. |
Alternative, Novel, Developmental and Historical Public Key Management Systems
|
|
| PGP - Pretty Good Privacy |
| The latest technical developments on PGP standards are at Open
PGP. For information about products, see commercial
PGP and for PGP shareware, see free PGP. |
| OpenPGP
Message Format - All information needed to develop interoperable applications
based on the OpenPGP format. It is not a step-by-step cookbook for writing an
application. It describes only the format and methods needed to read, check, generate,
and write conforming packets crossing any network. It does not deal with storage
and implementation questions. It does, however, discuss implementation issues
necessary to avoid security flaws. |
| RFC 3156 - MIME Security
with OpenPGP. This document specifies an Internet standards track protocol for
the Internet community, and requests discussion and suggestions for improvements.
Please refer to the current edition of the "Internet Official Protocol Standards"
(STD 1) for the standardization state and status of this protocol |
| PEM - Privacy Enhanced Email |
| RFC 1424 - Privacy Enhancement
for Internet Electronic Mail: Part IV: Key Certification and Related Services
(Standard). This document describes three types of service in support of Internet
Privacy-Enhanced Mail (PEM) [RFC 1421-1424]: key certification, certificate- revocation
list (CRL) storage, and CRL retrieval. Such services are among those required
of an RFC 1422 certification authority. |
| RFC 1423 - Privacy Enhancement
for Internet Electronic Mail (PEM): Part III: Algorithms, Modes, and Identifiers.
This document provides definitions, formats, references, and citations for
cryptographic algorithms, usage modes, and associated identifiers and parameters
used in support of Privacy Enhanced Mail (PEM) in the Internet community. |
| RFC 1422 - Privacy Enhancement
for Internet Electronic Mail (PEM): Part II: Certificate-Based Key Management.
This document defines a supporting key management architecture and infrastructure,
based on public-key certificate techniques, to provide keying information to message
originators and recipients. RFC 1424 provides additional specifications for services
in conjunction with the key management infrastructure described herein. |
| RFC 1421 - Privacy Enhancement
for Internet Electronic Mail (PEM): Part I: Message Encryption and Authentication
Procedures. This document defines message encryption and authentication procedures,
in order to provide privacy-enhanced mail (PEM) services for electronic mail transfer
in the Internet. |
| See SPKI Charter.
"The IETF Simple Public Key Infrastructure [SPKI] Working Group is tasked with
producing a certificate structure and operating procedure to meet the needs of
the Internet community for trust management in as easy, simple and extensible
a way as possible." Note that the last update to the SPKI Goals and Milestones
was in 1997, and the latest RFC dates from 1999. |
| RFC 2692 - SPKI Requirements.
The SPKI Working Group first established a list of things one might want
to do with certificates (attached at the end of this document), and then summarized
that list of desires into requirements. This document presents that summary of
requirements. |
| RFC 2693 - SPKI Certificate
Theory. This memo defines an Experimental Protocol for the Internet community.
It does not specify an Internet standard of any kind. Discussion and suggestions
for improvement are requested. |
|
|
|
|
