Support for Open Standards
• PKIX Certificate and CRL Profile (PKIX Part 1). The first part of the four-part
standard under development by the IETF for a public-key infrastructure for the
Internet. Part 1 deals with specifications for certificates and CRLs. CS will support the
other PKIX parts as they are finalized. For more information about PKIX Part 1, see
ftp://ftp.isi.edu/in-notes/rfc2459.txt.
Security and Directory Protocols
CS supports the following security and directory protocols:
• FIPS PUBS 140-1. Federal Information Standards Publications (FIPS PUBS) 140-1 is
a US government standard for implementations of cryptographic modules—that is,
hardware or software that encrypts and decrypts data or performs other cryptographic
operations (such as creating or verifying digital signatures).
• Hypertext Transport Protocol (HTTP) and Hypertext Transport Protocol Secure
(HTTPS). Protocols used to communicate with web servers.
• KEYGEN tag. An HTML tag supported by Netscape browsers that generates a key
pair for use with a certificate. For more information, see
http://www.netscape.com/eng/security/comm4-keygen.html
• Lightweight Directory Access Protocol (LDAP) v2, v3. A directory service protocol
designed to run over TCP/IP and across multiple platforms. LDAP is a simplified
version of Directory Access Protocol (DAP), used to access X.500 directories. LDAP
is under IETF change control and has evolved to meet Internet requirements.
• Public-Key Cryptography Standard (PKCS) #7. An encrypted data and message
format developed by RSA Data Security to represent digital signatures, certificate
chains, and encrypted data. This format is used to deliver certificates to end entities.
• Public-Key Cryptography Standard (PKCS) #10. A message format developed by
RSA Data Security for certificate requests. This format is supported by many server
products and by Microsoft Internet Explorer.
• Public-Key Cryptography Standard (PKCS) #11. Specifies an API used to
communicate with devices such as hardware tokens that hold cryptographic
information and perform cryptographic operations.
• X.509 v1, v3. Digital certificate formats recommended by the International
Telecommunications Union (ITU).
• Secure Sockets Layer (SSL) 2.0, 3.0. A set of rules governing server authentication,
client authentication, and encrypted communication between servers and clients.
Red Hat Certificate System Administrator's Guide • September 2005