Security And Directory Protocols - Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual

Chapter 1. Overview
certificates with Diffie-Hellman public-keys. A standard from the IETF PKIX working group. CMC
incorporates CRMF and CMMF.
• Cryptographic Message Syntax (CS). A superset of PKCS #7 syntax used for digital signatures and
encryption. A proposed standard from the IETF PKIX working group.
• PKIX Certificate and CRL Profile (PKIX Part 1). The first part of the four-part standard under
development by the IETF for a public-key infrastructure for the Internet. Part 1 specified standards
for certificates and CRLs. Certificate System will support the other PKIX parts as they are finalized.
For more information about PKIX Part 1, see ftp://ftp.isi.edu/in-notes/rfc2459.txt.

1.6.2. Security and Directory Protocols

The Certificate System supports the following security and directory protocols:
• FIPS PUBS 140-1. Federal Information Standards Publications (FIPS PUBS) 140-1 is a US
government standard for implementing cryptographic modules such as hardware or software
that encrypts and decrypts data, creates and verifies digital signatures, and other cryptographics
functions.
• Hypertext Transport Protocol (HTTP) and Hypertext Transport Protocol Secure (HTTPS). Protocols
used to communicate with web servers.
• KEYGEN tag. An HTML tag that generates a key pair for use with a certificate.
• Lightweight Directory Access Protocol (LDAP) v2, v3. A directory service protocol designed to
run over TCP/IP and across multiple platforms. LDAP is a simplified version of Directory Access
Protocol (DAP), used to access X.500 directories. LDAP is under IETF change control and has
evolved to meet Internet requirements.
• Public-Key Cryptography Standard (PKCS) #7. An encrypted data and message format developed
by RSA Data Security to represent digital signatures, certificate chains, and encrypted data. This
format is used to deliver certificates to end entities.
• Public-Key Cryptography Standard (PKCS) #10. A message format developed by RSA Data
Security for certificate requests. This format is supported by many server products.
• Public-Key Cryptography Standard (PKCS) #11. Specifies an API used to communicate with devices
such as hardware tokens that hold cryptographic information and perform cryptographic operations.
• X.509 v1, v3. Digital certificate formats recommended by the International Telecommunications
Union (ITU).
• Secure Sockets Layer (SSL) 2.0, 3.0. A set of rules governing server authentication, client
authentication, and encrypted communication between servers and clients.
• Security-Enhanced Linux. Security-enhanced Linux, or SELinux, is a set of security protocols
enforcing mandatory access control on Linux system kernels. This was developed by the United
States National Security Agency to keep applications from accessing confidential or protected files
through lenient or flawed access controls.
22