three times as long as the key for standard DES. Because the key size is so large, there are
approximately 3.7 * 10^50 possible keys. This cipher suite is FIPS-compliant.
• RC4 and RC2 and MD5 Message Authentication. The RC4 and RC2 ciphers have 128-bit
encryption, which permits approximately 3.4 * 10^38 possible keys. This makes RC4 or RC2 keys
very difficult to crack. RC4 ciphers are faster than RC2 ciphers.
RC4 can use SHA-1 message authentication as well as MD5 message authentication.
• DES and SHA-1 Message Authentication. DES 56-bit encryption permits approximately
7.2 * 10^16 possible keys. This cipher suite is no longer FIPS-compliant because it is too weak
cryptographically.
1.5. Support for Open Standards
This section lists the standard message formats and protocols supported by the Certificate System.
1.5.1. Certificate Management Formats and Protocols
The Certificate System supports the following certificate management formats and protocols. For more
details about the proposed PKIX standards listed here, see
http://www.ietf.org/html.charters/pkix-charter.html under Internet Drafts.
• Certificate Request Message Format (CRMF). A message format to send a certificate request to a
CA. A standard from the Internet Engineering Task Force (IETF) PKIX working group.
• Certificate Management Message Formats (CMMF). Message formats to send certificate requests
and revocation requests from end entities to a CA and to return information to end entities. A
proposed standard from the IETF PKIX working group. CMMF has been subsumed by another
standard, CMC.
• Certificate Management Messages over CMS (CMC). A general interface to public-key certification
products based on CMS and PKCS #10, including a certificate enrollment protocol for RSA-signed
certificates with Diffie-Hellman public-keys. A standard from the IETF PKIX working group. CMC
incorporates CRMF and CMMF.
• Cryptographic Message Syntax (CMS). A superset of PKCS #7 syntax used for digital signatures and
encryption. A proposed standard from the IETF PKIX working group.
• PKIX Certificate and CRL Profile (PKIX Part 1). The first part of the four-part standard under
development by the IETF for a public-key infrastructure for the Internet. Part 1 specified standards
for certificates and CRLs. Certificate System will support the other PKIX parts as they are finalized.
For more information about PKIX Part 1, see ftp://ftp.isi.edu/in-notes/rfc2459.txt.
1.5.2. Security and Directory Protocols
The Certificate System supports the following security and directory protocols:
• FIPS PUBS 140-1. Federal Information Processing Standards Publications (FIPS PUBS) 140-1 is a US
government standard for implementing cryptographic modules such as hardware or software