Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP (RFC2585)

IP.com Disclosure Number: IPCOM000003172D
Original Publication Date: 1999-May-01
Included in the Prior Art Database: 2019-Feb-11
Document File: 8 page(s) / 10K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Housley: AUTHOR [+1]

Related Documents

10.17487/RFC2585: DOI

Abstract

The protocol conventions described in this document satisfy some of the operational requirements of the Internet Public Key Infrastructure (PKI). This document specifies the conventions for using the File Transfer Protocol (FTP) and the Hypertext Transfer Protocol (HTTP) to obtain certificates and certificate revocation lists (CRLs) from PKI repositories. [STANDARDS-TRACK]

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 31% of the total text.

Network Working Group                                         R. Housley
Request for Comments: 2585                                        SPYRUS
Category: Standards Track                                     P. Hoffman
                                                                     IMC
                                                                May 1999

Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

The protocol conventions described in this document satisfy some of the operational requirements of the Internet Public Key Infrastructure (PKI). This document specifies the conventions for using the File Transfer Protocol (FTP) and the Hypertext Transfer Protocol (HTTP) to obtain certificates and certificate revocation lists (CRLs) from PKI repositories. Additional mechanisms addressing PKIX operational requirements are specified in separate documents.

1 Introduction

This specification is part of a multi-part standard for the Internet Public Key Infrastructure (PKI) using X.509 certificates and certificate revocation lists (CRLs). This document specifies the conventions for using the File Transfer Protocol (FTP) and the Hypertext Transfer Protocol (HTTP) to obtain certificates and CRLs from PKI repositories. Additional mechanisms addressing PKI repository access are specified in separate documents.

Housley & Hoffman Standards Track [Page 1]

RFC 2585 PKIX Operational Protocols: FTP and HTTP May 1999

1.1. Model

The following is a simplified view of the architectural model assumed by the Internet PKI specifications.

      +---+
      | C |                       +------------+
      | e | <-------------------->| End entity |
      | r |       Operational     +------------+
      | t |       transactions         ^
      |   |      and management        |  Management
      | / |       transactions         |  transactions
      |   |                            |                PKI users
      | C |                            v
      | R |       -------------------+--+-----------+-----------------
      | L |                          ^              ^
      |   |                          |              |  PKI management
      |   |                          v              |      entities
      | R |                       +------+          |
      | e | <---------------------| RA   | <---+    |
      | p |  Publish certificate  +------+     |    |
      | o |                                    |    |
      | s |                                    |    |
      | I |                                    v    v
      | t |                                +------------+
      | o | <------------------------------|     CA     |
      | r |   Publish certificate          +------------+
      | y |   Publish CRL                         ^
      |   |                                       |
      +---+                        Management     |
                                   transactions   |
                                                  v
                                              +------+
                                              |  CA  |
                                              +------+

The components in this model are:

End Entity: user of PKI certificates and/or end user system that is the subject of a certificate;

CA: certification authority;

RA: registration authority, i.e., an optional system to which a CA delegates certain management functions;

Repository: a system or collection of distributed systems that store certificates and CRLs and serves as a means of distributing these certificates and CRLs to end entities.

1.2. Certificate and CRL Repository...
