Support for Open Standards
• Cryptographic Message Syntax (CMS). A superset of PKCS #7 syntax used for
digital signatures and encryption. A proposed standard from the IETF PKIX
working group.
• PKIX Certificate and CRL Profile (PKIX Part 1). The first part of the four-part
standard under development by the IETF for a public-key infrastructure for the
Internet. Part 1 deals with specifications for certificates and CRLs. CMS will
support the other PKIX parts as they are finalized. For more information about
PKIX Part 1, see ftp://ftp.isi.edu/in-notes/rfc2459.txt.
Security and Directory Protocols
CMS supports the following security and directory protocols:
• FIPS PUBS 140-1. Federal Information Processing Standards Publications (FIPS PUBS)
140-1 is a US government standard for implementations of cryptographic
modules—that is, hardware or software that encrypts and decrypts data or
performs other cryptographic operations (such as creating or verifying digital
signatures).
• Hypertext Transport Protocol (HTTP) and Hypertext Transport Protocol
Secure (HTTPS). Protocols used to communicate with web servers.
• KEYGEN tag. An HTML tag supported by Netscape browsers that generates a
key pair for use with a certificate. For more information, see
http://www.netscape.com/eng/security/comm4-keygen.html
• Lightweight Directory Access Protocol (LDAP) v2, v3. A directory service
protocol designed to run over TCP/IP and across multiple platforms. LDAP is
a simplified version of Directory Access Protocol (DAP), used to access X.500
directories. LDAP is under IETF change control and has evolved to meet
Internet requirements.
• Public-Key Cryptography Standard (PKCS) #7. An encrypted data and
message format developed by RSA Data Security to represent digital
signatures, certificate chains, and encrypted data. This format is used to deliver
certificates to end entities.
• Public-Key Cryptography Standard (PKCS) #10. A message format developed
by RSA Data Security for certificate requests. This format is supported by
many server products and by Microsoft Internet Explorer.
• Public-Key Cryptography Standard (PKCS) #11. Specifies an API used to
communicate with devices such as hardware tokens that hold cryptographic
information and perform cryptographic operations.
Netscape Certificate Management System Administrator's Guide • February 2003