PKIhttp://www.oasis-open.orghttp://www.oasis-pki.org
  About PKI Forum PKI Members Join PKI Forum PKI News PKI Events OASIS Members Only http://xml.coverpages.org http://www.xml.org  

PKI
PKI
 About
 Join
 Governance
 Members

PKI Resources
 Resources
 White Papers
 FAQ

Technical Process
 IPR Policy
 TC Process

Technical Committees
 Current TC List
 PKI

OASIS Network
 OASIS
 CGM Open
 DCML
 ebXML
 LegalXML
 UDDI

OASIS Info Channels
 Cover Pages
 XML.org
 Sponsorship

PKI Home / PKI Technical Standards /

PKI Technical Standards

What follows is a comprehensive set of lists of applicable PKI standards.
Notes: Standards tend to migrate from one body to another, as they mature and become ratified and adopted by steadily bigger groups. Over time this can lead to redundant standards documents. For instance, most of the RSA Laboratories' PKCS series have been adopted by the IETF now; such standards can appear more than once in the lists below. A nearly complete compendium of information security standards was produced by APEC and is available from the Federal PKI Steering Committe website: APEC Standards Handbook.

 Important PKI Standards Organisations
 The Major PKI Related RFCs
 Other PKI Related RFCs
 Other Cryptography Related RFCs
 Other Security and Crypto Standards
 ANSI Financial Industry PKI Standards
 ANSI Financial Industry PKI Standards IN DEVELOPMENT
 ISO PKI Standards
 PKCS Series
 Smartcard Standards & Guidelines
 European Electronic Signature Standards
 PKI Based Protocols
 Alternative, Novel, Developmental and Historical Public Key Management Systems

Important PKI Standards Organisations

Back to Top
PKIX - the public key working group of the IETF
IETF Security Area
RSA PKCS - Standards Series
IEEE Standards for Public Key Cryptography
European Telecommunications Standards Institute
IPSEC - (IETF)
S/MIME Mail Security (IETF) - See also Internet Mail Consortium S/MIME site
Transport Layer Security (TLS) - (IETF)
NIST PKI Program - i.e. the National Institute of Standards and Technology.
NIST Federal PKI Technical Working Group
NIST PKI Program Document registers
ANSI X9 - Financial Industry Standards
Internet Mail Consortium
Open Specification for Pretty Good Privacy

The Major PKI Related RFCs

Back to Top
The chair of the IETF's PKIX Working Group once named these as the most important of their RFCs to do with public key security. All other PKI related RFCs are listed further below.
RFC3820 - Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile
RFC2560 - X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
RFC2527 - Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. Superseded by RFC 3647.
RFC3647 - Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. Supersedes RFC 2527.
RFC2511 - Internet X.509 Certificate Request Message Format
RFC2797 - Certificate Management Messages over CMS
RFC3039 - Internet X.509 Public Key Infrastructure Qualified Certificates Profile
RFC3161 - Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)
RFC3281 - An Internet Attribute Certificate Profile for Authorization

Other PKI related RFCs

Back to Top
RFC2510 - Internet X.509 Public Key Infrastructure Certificate Management Protocols
RFC2585 - Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP
RFC2587 - Internet X.509 Public Key Infrastructure LDAPv2 Schema

Other Cryptography Related RFCs

Back to Top
RFC3779 - X.509 Extensions for IP Addresses and AS Identifiers
BCP0086 - Determining Strengths For Public Keys Used For Exchanging Symmetric Keys
RFC3739 - Internet X.509 Public Key Infrastructure: Qualified Certificates Profile
RFC3709 - Internet X.509 Public Key Infrastructure: Logotypes in X.509 Certificates
RFC3647 - Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework
RFC3628 - Policy Requirements for Time-Stamping Authorities (TSAs)
RFC3447 - Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1
RFC3379 - Delegated Path Validation and Delegated Path Discovery Protocol Requirements
RFC3280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
RFC3279 - Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
RFC3278 - Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)
RFC3029 - Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocols
RFC2986 - PKCS #10: Certification Request Syntax Specification Version 1.7
RFC2985 - PKCS #9: Selected Object Classes and Attribute Types Version 2.0
RFC2898 - PKCS #5: Password-Based Cryptography Specification Version 2.0
RFC2847 - LIPKEY - A Low Infrastructure Public Key Mechanism Using SPKM
RFC2693 - SPKI Certificate Theory
RFC2692 - SPKI Requirements
RFC2559 - Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2
RFC2528 - Internet X.509 Public Key Infrastructure Representation of Key Exchange Algorithm (KEA) Keys in Internet X.509 Certificates
RFC2510 - Internet X.509 Public Key Infrastructure Certificate Management Protocols
RFC2459 - Internet X.509 Public Key Infrastructure Certificate and CRL Profile
RFC2437 - PKCS #1: RSA Cryptography Specifications Version 2.0
RFC2314 - PKCS #10: Certification Request Syntax Version 1.5
RFC2313 - PKCS #1: RSA Encryption Version 1.5
RFC2025 - The Simple Public-Key GSS-API Mechanism (SPKM)
RFC1824 - The Exponential Security System TESS: An Identity-Based Cryptographic Protocol for Authenticated Key-Exchange (E.I.S.S.-Report 1995/4)

Other Security and Crypto Standards

Back to Top
Federal Information Processing Standards Publications - (FIPS PUBS)
FIPS PUB 140-2 - Security Requirements for Cryptographic Modules. Note that this page includes links to the standard as well as its Annexes, plus testing requirements and lists of current validated products.
Special Publication 800-29 - A Comparison of the Security Requirements in Cryptographic Modules in FIPS 140-1 and FIPS 140-2
FIPS PUB 140-1 - Security Requirements for Cryptographic Modules (now superseded by FIPS 140-2)
ISO/IEC 15408:2000 - Common Criteria; see also Dutch Common Criteria site

ANSI Financial Industry PKI Standards

Back to Top
X9.30 Part 1:1997 - Public Key Cryptography Using Irreversible Algorithm: Digital Signature Algorithm (DSA)
X9.30 Part 2:1997 - Public Key Cryptography Using Irreversible Algorithms for the Financial Services Industry, Part 2: The Secure Hash Algorithm
X9.31:1998 - Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA)
X9.42:2003 - Public Key Cryptography for Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography
X9.55:1997 - Certificate Extensions for Multi-Domain Operations
X9.57:1997 - Public Key Cryptography For the Financial Services Industry: Certificate Management
X9.62:1998 - Public Key Cryptography: The Elliptic Curve Digital Signature Algorithm (ECDSA)
X9.63:2001 - Key Agreement and Key Management Using Elliptic Curve-Based Cryptography
X9.68 Part 2:2001 - Digital Certificates for High Transaction Volume Financial Systems
X9.69:1998 - Framework for Key Management Extensions
X9.73:2003 - Cryptographic Message Syntax
X9.79:2001 - PKI Practices and Policy Framework for the Financial Services Industry. Important standard upon which WebTrust for CAs was developed.

ANSI Financial Industry PKI Standards IN DEVELOPMENT

Back to Top
X9.77:200X - Public Key Infrastructure Protocols Withdrawn
X9.79 Part 2:200X - Protection Profiles for Certificate Issuing and Management Systems. Committee Voting
X9.88:200X - Long Term Non-Repudiation Using Digital SignaturesWithdrawn
X9.89-200X - Management Protocols for Short CertificatesWithdrawn

ISO PKI Standards

Back to Top
ISO/CD 11568 - Financial services -- Key management (retail) Parts 1, 3, 4 and 5
ISO 13491-1:1998 - Banking -- Secure cryptographic devices (retail) -- Part 1: Concepts, requirements and evaluation methods
ISO 15782-1:2003 - Banking -- Certificate management for financial services -- Part 1: Public key certificates
ISO 15782-2:2001 - Banking -- Certificate management -- Part 2: Certificate extensions
ISO/TS 17090-1:2002 - Health informatics -- Public key infrastructure -- Parts 1-3: Framework and overview, Certificate profile, and Policy management of certification authority
ISO/CD 21188 - Public key infrastructure for financial services -- Practices and policy framework

PKCS Series

Back to Top
The PKCS series of cryptographic standards is managed by RSA Security Inc. The PKCS standards have moved beyond being proprietary and have equivalent standing in most of the PKI community as IETF or IEEE standards.
PKCS #1 - RSA Cryptography Standard
PKCS #3 - Diffie-Hellman Key Agreement Standard
PKCS #5 - Password-Based Cryptography Standard
PKCS #6 - Extended-Certificate Syntax Standard
PKCS #7 - Cryptographic Message Syntax Standard
PKCS #8 - Private-Key Information Syntax Standard
PKCS #9 - Selected Attribute Types
PKCS #10 - Certification Request Syntax Standard
PKCS #11 - Cryptographic Token Interface Standard
PKCS #12 - Personal Information Exchange Syntax Standard
PKCS #13 - Elliptic Curve Cryptography Standard
PKCS #15 - Cryptographic Token Information Format Standard

Smartcard Standards & Guidelines

Back to Top
ISO 7810 and ISO 7816 - Peak international physical, mechanical and electronic standards for plastic cards with embedded chips.
PC/SC - Smart card reader architecture specification for PCs. See also specs
NIST Smartcards standards and research - Home page for the National Institute of Standards and Technology smartcard related activities
ISO 14443 - defines RFID proximity smart card standard (two types with different modulation specs)
US Government Smart Card Handbook - by the US General Services Administration

European Electronic Signature Standards

Back to Top
A comprehensive list of relevant standards including certificate profiles is available at ETSI. See also ETSI FAQ.
TS 101 862 v.1.3.1 - Qualified Certificate Profile, based on RFC 3679 X.509 Public Key Infrastructure Qualified Certificates Profile
TS 101 903 v.1.2.2 - XML Advanced Electronic Signatures (XAdES); specifies the XML format for Advanced Electronic Signatures satisfying the requirements defined in the European Directive for Electronic Signatures.

PKI Based Protocols

Back to Top
IPSEC - A comprehensive list of IPSEC related RFCs and Internet Drafts is available at the Working Group Home Page: IPSEC Charter. See also Advanced Engineering Resources above.
SSL - SSL v3.0 Specification. See also Advanced Engineering Resources above.
TLS - RFC 2246 the TLS Protocol Version 1.0. See also Advanced Engineering Resources above.
S/MIME - A comprehensive list of S/MIME related RFCs and Internet Drafts is available at the Working Group Home Page: S/MIME Home. Further links to related e-mail fundamentals (such as MIME, IMAP and POP) are collected at Web docs. See also Advanced Engineering Resources above.

Alternative, Novel, Developmental and Historical Public Key Management Systems

Back to Top
PGP - Pretty Good Privacy
The latest technical developments on PGP standards are at Open PGP. For information about products, see commercial PGP and for PGP shareware, see free PGP.
OpenPGP Message Format - All information needed to develop interoperable applications based on the OpenPGP format. It is not a step-by-step cookbook for writing an application. It describes only the format and methods needed to read, check, generate, and write conforming packets crossing any network. It does not deal with storage and implementation questions. It does, however, discuss implementation issues necessary to avoid security flaws.
RFC 3156 - MIME Security with OpenPGP. This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol
PEM - Privacy Enhanced Email
RFC 1424 - Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services (Standard). This document describes three types of service in support of Internet Privacy-Enhanced Mail (PEM) [RFC 1421-1424]: key certification, certificate- revocation list (CRL) storage, and CRL retrieval. Such services are among those required of an RFC 1422 certification authority.
RFC 1423 - Privacy Enhancement for Internet Electronic Mail (PEM): Part III: Algorithms, Modes, and Identifiers. This document provides definitions, formats, references, and citations for cryptographic algorithms, usage modes, and associated identifiers and parameters used in support of Privacy Enhanced Mail (PEM) in the Internet community.
RFC 1422 - Privacy Enhancement for Internet Electronic Mail (PEM): Part II: Certificate-Based Key Management. This document defines a supporting key management architecture and infrastructure, based on public-key certificate techniques, to provide keying information to message originators and recipients. RFC 1424 provides additional specifications for services in conjunction with the key management infrastructure described herein.
RFC 1421 - Privacy Enhancement for Internet Electronic Mail (PEM): Part I: Message Encryption and Authentication Procedures. This document defines message encryption and authentication procedures, in order to provide privacy-enhanced mail (PEM) services for electronic mail transfer in the Internet.
Simple PKI
See SPKI Charter. "The IETF Simple Public Key Infrastructure [SPKI] Working Group is tasked with producing a certificate structure and operating procedure to meet the needs of the Internet community for trust management in as easy, simple and extensible a way as possible." Note that the last update to the SPKI Goals and Milestones was in 1997, and the latest RFC dates from 1999.
RFC 2692 - SPKI Requirements. The SPKI Working Group first established a list of things one might want to do with certificates (attached at the end of this document), and then summarized that list of desires into requirements. This document presents that summary of requirements.
RFC 2693 - SPKI Certificate Theory. This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested.
        
 

ABOUT | MEMBERS | JOIN | NEWS | EVENTS | TECH PROCESS | TECH COMMITTEES | OASIS NETWORK

Copyright © OASIS Open 2006. All rights reserved.