Certification in general
Marc Branchaud's MSc thesis, the best starting point
List of PKI links
CIT PKI Group (look at their General Help for a good linklist)
PKI project Oscar
NIST PKI programme
PKI Standardization Homepage
Swedish project SEIS, see also EID Certificate specification
SEIS mailing list archive
Baltimore Technologies, see also their partners for a good list of PKI companies
Public Key Infrastructure Study: Final Report by Shimshon Berkovits, Santosh Chokhani, Judith A. Furlong, Jisoo A. Geiter, and Jonathan C. Guild (original link is here)
The PKI page - a lot of PKI-related links
Some companies and their papers
VeriSign
VeriSign repository
VeriSign Certification Practice Statement, introduction
Netscape Certificate Extensions (can be a bit out of date)
CAs providing services for MS products
ECOM (Japan)
IAIK Java Security, see also their specification
OnWatch.com (public-key.com)
www.usertrust.com/
AlphaTrust
E-Trust
Baltimore and its whitepapers.
Digital Signatures
Digital Signature Links by Juan Avellan
Digital Signature Law Survey by Simone van der Hof
Notary - working groups and companies
CyberNotary Committee Home Page at ABANet.org
Digital Notary Service by Surety
Entropia Internet Notary Service (or further: https://entropia.com/notary/)
Digital Notary Service in Korea
Towards the Formulation of Guidelines for Digital Notary Systems by ECOM (some kinds of their related progress reports can also be found here and here and here and here)
Firstuse.com
E-Timestamp.com
NetDox.com
IDMetrix.com
Russian program Notary
Entegrity.com's Notary 2.0
Articles
Establishing Identity Without Certification Authorities by Carl M. Ellison
Transient-key digital time-stamps, a kind of general talk
X.509
ICE-TEL Certification Infrastructure
German Policy Certification Authority
Jozef Stefan Institute Digital ID Center (ICE-TEL)
Visa
SET
SET Documentation by SETCo
SET Message Definition
What does Netscape do with the certificates?
PKIX - PKI using X.509; IETF stuff
PKIX Working Group
PKIX mailing list
PKI related Internet drafts
Certificate and CRL Profile - An Internet draft (check for more in the same directory)
Time Stamp Protocols - An Internet draft
Data Certification Server Protocols - An Internet draft
Notary Protocols - An Internet draft
Certificate revocation
My own overview of Certificate Revocation Paradigms
ValiCert's Certificate Revocation Trees.
Certificate Revocation: Mechanics and Meaning by Barbara L. Fox and Brian A. LaMacchia
Efficient Certificate Revocation by Silvio Micali
Certificate Revocation Modeling by NIST; see the paper by David Cooper
Can We Eliminate Revocation Lists? by Ron Rivest
Certificate Revocation and Certificate Update by Moni Naor and Kobbi Nissim
X.509 Internet Public Key Infrastructure: Online Certificate Status Protocol - OCSP, Internet Draft
X.509 Internet Public Key Infrastructure: Caching the Online Certificate Status Protocol, Internet Draft
ENHANCED CRL DISTRIBUTION OPTIONS - An Internet draft
PKCS - an RSA standard
What is PKCS?
Download PKCSs 1-10 plus some extras
Netscape's PKCS11
Netscape's PKCS11 FAQ
PKCS11 by RSA Labs
PKCS12 by RSA Labs (draft)
PKCS13 by RSA Labs (elliptic curve cryptography standard, draft)
PKCS15 by RSA Labs (smart card file format, draft)
PKCS draft
Other paradigms
SDSI/SPKI
Generalized Certificates (ideology behind SPKI)
SDSI
DNS Security Extensions
An Internet draft (check for more in the same directory)
PGP Certificates
pgp.net
Robert (Guerra)'s PGP links
International PGP
Meta-Certificate Group
http://www.mcg.org.br
USA mirror
Meta Certificate Premier
Certification: Extrinsic, Intrinsic and Combined
Overview of Certification Systems: X.509, CA, PGP and SKIP
Miscellanea
S/MIME Working Group
Stefan Kelm's PKI link list
Microsoft Wallet
OID Registry
A strange document. (Seems to be out of date.)
INFOSEC - one more European thing
ftp://ftp.bull.com/pub/OSIdirectory (see particularly ITU/ and Phoenix98Output/ directories)
Package java.security.cert
Microsoft security (Netscape, beware!)
Abbreviations
Hunting through these materials, I found several confusing abbreviations, so I
wrote them down here together with some clarifications.
- ASN.1 - Abstract Syntax Notation One - a set of formal notation agreements
to represent several standards (e.g. PKCS)
- BER - Basic Encoding Rules - give one or more ways to represent any ASN.1
value as an octet string
- CA - Certification Authority
- CPS - Certification Practice Statement - a collection of ideas by VeriSign
- CRL - Certificate Revocation List
- DAP - Directory Access Protocol - a protocol to access X.500 directories
- DER - Distinguished Encoding Rules - give exactly one way to represent any ASN.1
value as an octet string
- DIT - Directory Information Tree (see DN)
- DN - Distinguished Name - a globally unique name given to every entry
in the X.500 Directory Information Tree (DIT).
- DNS - Domain Name System
- IPKI - Internet PKI
- ISO - International Organization for Standardization
- ITU - International Telecommunication Union
- LDAP - Lightweight Directory Access Protocol (a light version of DAP)
- MCG - Meta-Certificate Group
- OID - Object Identifier - a numeric value, composed of a sequence of
integers, that is unique with respect to all other OIDs (where object is
something like signature algorithm, certification policy, user-defined
alternative name or a user-defined extension).
- OCSP - Online Certificate Status Protocol - an on-line protocol designed
for status checking of certificates without the use of CRLs and LDAP
- PEM - Privacy Enhanced Mail - proposed in early 1993 as an Internet
standard for cryptography-enhanced email. The standard never caught on
in the Internet community.
- PGP - Pretty Good Privacy
- PKI - Public Key Infrastructure
- PKIX - Public Key Infrastructure using X.509
- PKCS - Public-Key Cryptography Standard (there are
9 of them released - #1, #3, #5, #6, #7, #8, #9, #10, #11; #12, #13 and #15
are still drafts - describing several fields of public-key cryptography;
the standards come from RSA Data Security, Inc.)
- RDN - Relative Distinguished Name - a name given to every entry (except
root) in the X.500 DIT, unique among the siblings. The entry's DN is built
up of the RDNs on the path from the root to the entry.
- RR - Resource Record - entry in the DNS. An RR consists of an
owner name (the DNS name associated with the RR), a class, a type,
and some type-dependent data.
- SET - Secure Electronic Transaction standard
- SDSI [read: sudsy] - Simple Distributed Security Infrastructure
- SPKI - Simple Public Key Infrastructure
- TSA - Time Stamp Authority
- TTP - Trusted Third Party
- URI - Uniform Resource Identifier - seems like a standard proposal for
X.509
- YAPKI - Yet Another Public Key Infrastructure - the name MCG-guys give to
the thing they are not doing