
Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2 (RFC2559)

IP.com Disclosure Number: IPCOM000003145D
Original Publication Date: 1999-Apr-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 10 page(s) / 21K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

S. Boeyen: AUTHOR [+3]

Abstract

The protocol described in this document is designed to satisfy some of the operational requirements within the Internet X.509 Public Key Infrastructure (IPKI). Specifically, this document addresses requirements to provide access to Public Key Infrastructure (PKI) repositories for the purposes of retrieving PKI information and managing that same information. The mechanism described in this document is based on the Lightweight Directory Access Protocol (LDAP) v2, defined in RFC 1777, defining a profile of that protocol for use within the IPKI and updates encodings for certificates and revocation lists from RFC 1778. Additional mechanisms addressing PKIX operational requirements are specified in separate documents.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 13% of the total text.

Network Working Group                                          S. Boeyen
Request for Comments: 2559                                       Entrust
Updates: 1778                                                   T. Howes
Category: Standards Track                                       Netscape
                                                              P. Richard
                                                                   Xcert
                                                              April 1999

Internet X.509 Public Key Infrastructure
Operational Protocols - LDAPv2

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

1. Abstract

The protocol described in this document is designed to satisfy some of the operational requirements within the Internet X.509 Public Key Infrastructure (IPKI). Specifically, this document addresses requirements to provide access to Public Key Infrastructure (PKI) repositories for the purposes of retrieving PKI information and managing that same information. The mechanism described in this document is based on the Lightweight Directory Access Protocol (LDAP) v2, defined in RFC 1777, defining a profile of that protocol for use within the IPKI and updates encodings for certificates and revocation lists from RFC 1778. Additional mechanisms addressing PKIX operational requirements are specified in separate documents.

The key words 'MUST', 'REQUIRED', 'SHOULD', 'RECOMMENDED', and 'MAY' in this document are to be interpreted as described in RFC 2119.

2. Introduction

This specification is part of a multi-part standard for development of a Public Key Infrastructure (PKI) for the Internet. This specification addresses requirements to provide retrieval of X.509 PKI information, including certificates and CRLs from a repository. This specification also addresses requirements to add, delete and modify PKI information in a repository. A profile based on the LDAP version 2 protocol is provided to satisfy these requirements.

3. Model

The PKI components, as defined in PKIX Part 1, which are involved in PKIX operational protocol interactions include:

- End Entities
- Certification Authorities (CA)
- Repository

End entities an...