X.509 Certification Path Validation - Entrust
X.509 Certification Path Validation - Entrust
X.509 Certification Path Validation - Entrust
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>X.509</strong> certification path validation summary/conclusions<br />
PKI deployment planning includes ensuring that products/services being deployed support the<br />
requirements to protect relying parties. Some functional aspects that need to be carefully considered<br />
include:<br />
• CA support for inclusion of relevant infrastructure constraints;<br />
• Central management of process constraints;<br />
• Flexibility in configuring infrastructure and process constraints to suit specific and changing<br />
needs; and<br />
• Relying party path validation support for processing initialization and infrastructure constraints.<br />
Given the vital role path validation plays in PKI, it is critical that relying party systems that perform path<br />
validation implement the set of processes properly and in compliance with the requirements of the base<br />
standards. Otherwise, relying parties may unknowingly place trust in untrustworthy certificates, defeating<br />
the very purpose of the PKI. The PKITS test suite now provides an authoritative and comprehensive set<br />
of conformance tests for all aspects of path validation. These tests are freely available, along with the test<br />
data, from the NIST web site and can be run against a path validation system to ensure proper<br />
functioning. In addition to the PKITS test suite, the bridge-enabled protection profile provides a valuable<br />
companion specification describing the features that are required by a path validation implementation to<br />
claim support for the bridge-enabled environment. Relying party systems that support all these features<br />
and pass the corresponding PKITS tests provide a solid comprehensive path validation process.<br />
© Copyright 2004 <strong>Entrust</strong>. www.entrust.com<br />
All rights reserved. Page 15