• 2025-05-05

Minimum data fields 2 – Digital Certificates and Certification Authorities

Note that the above Critical/Not Critical classification might differ from the guidelines of the Certification Authority Browser Forum (CA/Browser Forum), a consortium of certification authorities, web browser vendors, and companies providing PKI-based applications. The CA/Browser Forum guidelines govern the issuing and management of X.509v3 certificates, including those used for TLS [43]. Figure 10.2 shows some…

Minimum data fields – Digital Certificates and Certification Authorities

10.2.1 Minimum data fields According to X.509v1, a digital certificate has to contain at least the following eight data fields: Figure 10.1 shows some of these minimum data fields for the certificate of the web server www.amazon.com within Google Chrome’s certificate viewer. Figure 10.1: X.509v3 certificate of www.amazon.com as shown by Google Chrome’s certificate viewer…

Enrollment – Digital Certificates and Certification Authorities

10.2.3 Enrollment The process by which Alice obtains a certificate from a CA is called enrollment. There are various options for doing this, but in the most common scenario, Alice first computes a key pair (PK_Alice, SK_Alice). She then generates a Certificate Signing Request (CSR) and sends it to the CA. The CSR is signed by…

Online Certificate Status Protocol (OCSP) – Digital Certificates and Certification Authorities

10.2.5 Online Certificate Status Protocol (OCSP) An alternative to CRLs is to use an Online Certificate Status Protocol (OCSP) [110] server, as indicated in the Authority Information Access certificate extension. Compared to CRLs, OCSP provides more timely revocation information. An OCSP client can transmit a status request for a specific digital certificate to an…
