3 years ago

X.509 Certification Path Validation - Entrust

X.509 Certification Path Validation - Entrust


X.509 certification path validation summary/conclusions PKI deployment planning includes ensuring that products/services being deployed support the requirements to protect relying parties. Some functional aspects that need to be carefully considered include: • CA support for inclusion of relevant infrastructure constraints; • Central management of process constraints; • Flexibility in configuring infrastructure and process constraints to suit specific and changing needs; and • Relying party path validation support for processing initialization and infrastructure constraints. Given the vital role path validation plays in PKI, it is critical that relying party systems that perform path validation implement the set of processes properly and in compliance with the requirements of the base standards. Otherwise, relying parties may unknowingly place trust in untrustworthy certificates, defeating the very purpose of the PKI. The PKITS test suite now provides an authoritative and comprehensive set of conformance tests for all aspects of path validation. These tests are freely available, along with the test data, from the NIST web site and can be run against a path validation system to ensure proper functioning. In addition to the PKITS test suite, the bridge-enabled protection profile provides a valuable companion specification describing the features that are required by a path validation implementation to claim support for the bridge-enabled environment. Relying party systems that support all these features and pass the corresponding PKITS tests provide a solid comprehensive path validation process. © Copyright 2004 Entrust. All rights reserved. Page 15

X.509 certification path validation References 7. REFERENCES [X.509] ITU-T Recommendation X.509 (2000 E): Information Technology, Open systems interconnection - The Directory: Public-key and attribute certificate frameworks. [PKIX] RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile [PKITS]: Public Key Interoperability Test Suite © Copyright 2004 Entrust. All rights reserved. Page 16

The Federal Bridge: A Foundation of Trust - Entrust
A General, Flexible Approach to Certificate Revocation - Entrust
X.509 Certificates
Using Entrust certificates with VPN
Certificate Policies and Certification Practice Statements v.1.0 - Entrust
Using Entrust certificates with Adobe CDS
A Model of Trust Evaluation for X.509 Certificate
Entrust Certificate Management Service (CMS)
Personal Secure Email Certificate - Entrust
Entrust Certificate Services Certificate Management Service 9.7 ...
Getting an end-user Entrust certificate using Entrust Entelligence ...
Entrust Certificate Services Authenticode Signing User Guide
Trust Management in the Public-Key Infrastructure - Entrust
X.509 Certificate and CRL Extensions Profile for PIV-I Cards free trusted certificates by combining the x.509
Certification Path Processing in the Tumbleweed Validation ...
How Trust Had a Hole Blown In It The Case of X.509 Name ...
Request for comments - Authority Public-key Distribution ... - Entrust
The Road to Compliance: Signing Your SOX Certification ... - Entrust
Internet X.509 Public Key Infrastructure: Qualified Certificates Profile
Internet X.509 Public Key Infrastructure (PKI) Proxy ... -
Functional Requirements for Path Validation Systems
Entrust Adobe CDS Individual Certificate Enrollment ... - Entrust, Inc.
Compliance of X.509 Certification Standard in the ... - IBIMA Publishing
The Initium X.509 Certificate Wizard - The Journal of Object ...
TrustGate5 (PSK and X.509 Certificates) - Innominate Security ...
X.509 Proxy Certificates for Dynamic Delegation - ...
Understanding X.509 Attribute Certificates - Pascal Jakobi
EV Multi-domain Certificate Enrollment Guide - Entrust