Establishing an Interoperable Internet PKI - Chapter 6 discussed the various components of a public key infrastructure (PKI). This chapter continues that discussion with the many different standards and protocols that have been implemented to support PKI.
Interoperability Is Crucial - Standards and protocols are important because they define the basis for how communication will take place.
- The use of standards and protocols provides a common, interoperable environment for securely exchanging information.
- Without these standards and protocols, two entities may independently develop their own method to implement the various components for a PKI, and the two will not be compatible.
- On the Internet, not being compatible and not being able to communicate is not an option.
Protocols that Use and Implement the PKI Standards - Three main standards have evolved over time to implement PKI on the Internet.
- Two of them are based on a third standard, the X.509 standard, and establish complementary standards for implementing PKI. These two standards are Public Key Infrastructure X.509 (PKIX) and Public Key Cryptography Standards (PKCS).
- PKIX defines standards for interactions and operations for four component types: the user (end-entity), certificate authority (CA), registration authority (RA), and the repository for certificates and certificate revocation lists (CRLs).
- PKCS defines many of the lower-level standards for message syntax, cryptographic algorithms, and the like.
- There are other protocols and standards that help define the management and operation of the PKI and related services, such as ISAKMP, XKMS, and CMP.
- WEP is used to encrypt wireless communications in an 802.11 environment, and S/MIME is used for e-mail.
- SSL, TLS, and WTLS are used for secure packet transmission.
- IPSec and PPTP are used to support virtual private networks.
- The Common Criteria establishes a series of criteria against which security products can be evaluated.
- The ISO 17799 standard provides a point from which security policies and practices can be developed in ten areas.
- Various types of publications are available from NIST such as those found in the FIPS series.
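The four PKIX component types named above (end-entity, CA, RA, and the repository holding certificates and CRLs) carried through one certificate lifecycle, as an added example that is not part of the original chapter summary or of any standard's reference code. It uses only Go's standard crypto/x509 package; the CA name, the subject names, the validity periods and the CRL lifetime are constructed values, and the RA is modelled as a simple approval list rather than a real identity-proofing process.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PKI holds the four PKIX component types in one process: CA (caKey, caCert), RA (registered), repository (crlDER), end-entities (leaf certs).
type PKI struct {
	caKey      *ecdsa.PrivateKey
	caCert     *x509.Certificate
	registered map[string]bool          // RA: subjects whose identity has been vetted (constructed)
	revoked    []pkix.RevokedCertificate // every serial revoked so far; republished in each CRL
	crlDER     []byte                   // repository copy of the latest CRL; nil until the first revocation
	nextSerial int64
}

// NewCA makes a self-signed root; Go only signs certificates and CRLs with a CA certificate carrying the certSign and cRLSign key usages.
func NewCA() (*PKI, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"}, // constructed name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, err }
	cert, err := x509.ParseCertificate(der) // re-parse so SubjectKeyId is populated; CRL signing needs it
	if err != nil { return nil, err }
	return &PKI{caKey: key, caCert: cert, registered: map[string]bool{}, nextSerial: 1}, nil
}

// Issue is the CA step: refuse subjects the RA has not approved, otherwise sign a leaf certificate for a fresh end-entity key.
func (p *PKI) Issue(subject string) (*x509.Certificate, error) {
	if !p.registered[subject] { return nil, fmt.Errorf("RA has not approved %q", subject) }
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	p.nextSerial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(p.nextSerial),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(12 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, p.caCert, &leafKey.PublicKey, p.caKey)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}

// Revoke records the serial and publishes a new CA-signed CRL to the repository; the CRL number grows so an old copy is distinguishable.
func (p *PKI) Revoke(cert *x509.Certificate) error {
	p.revoked = append(p.revoked, pkix.RevokedCertificate{SerialNumber: cert.SerialNumber, RevocationTime: time.Now()})
	tmpl := &x509.RevocationList{RevokedCertificates: p.revoked, Number: big.NewInt(int64(len(p.revoked))),
		ThisUpdate: time.Now(), NextUpdate: time.Now().Add(time.Hour)}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, p.caCert, p.caKey)
	if err != nil { return err }
	p.crlDER = der
	return nil
}

// Validate is the relying-party step: chain the certificate to the trusted root, then check the repository's CRL (CA signature, freshness) for its serial.
func (p *PKI) Validate(cert *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(p.caCert)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return fmt.Errorf("chain validation failed: %w", err)
	}
	if p.crlDER == nil { return nil } // the CA has not published a CRL yet
	crl, err := x509.ParseRevocationList(p.crlDER)
	if err != nil { return err }
	if err := crl.CheckSignatureFrom(p.caCert); err != nil { return fmt.Errorf("CRL not signed by the CA: %w", err) }
	if time.Now().After(crl.NextUpdate) { return fmt.Errorf("CRL is stale, nextUpdate was %s", crl.NextUpdate) }
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 { return fmt.Errorf("serial %s is revoked", cert.SerialNumber) }
	}
	return nil
}

func main() {
	p, err := NewCA()
	if err != nil { panic(err) }
	p.registered["alice@example.test"] = true // RA step: identity vetted out of band (constructed subject)
	leaf, err := p.Issue("alice@example.test")
	if err != nil { panic(err) }
	fmt.Println("before revocation:", p.Validate(leaf))
	fmt.Println("after revocation:", p.Revoke(leaf), p.Validate(leaf))
}
```

The relying party trusts nothing but the root it was configured with, so a certificate from any other CA fails chain validation before the CRL is consulted; the CRL is itself verified against the CA's signature and its nextUpdate before any serial is trusted, because an unauthenticated or stale CRL gives no real revocation assurance. In a real deployment the repository is a directory or HTTP endpoint rather than a field on a struct, and the `RevokedCertificates` field is the older name of the Go API (newer releases also expose `RevokedCertificateEntries`).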