Difference between revisions of "X.509 Certificate"
From MgmtWiki
(→Solutions) |
(→Solutions) |
||
| Line 15: | Line 15: | ||
*At least now the certificates can be checked online and no longer require certificate revocation lists, although the specification still exists. | *At least now the certificates can be checked online and no longer require certificate revocation lists, although the specification still exists. | ||
*The content of a [[Web Site]] certificate is reasonably well defined<ref>DigiCert. ''What extensions and details are included in a SSL certificate?'' https://knowledge.digicert.com/solution/SO18140.html</ref> which makes them still useful for that purpose. | *The content of a [[Web Site]] certificate is reasonably well defined<ref>DigiCert. ''What extensions and details are included in a SSL certificate?'' https://knowledge.digicert.com/solution/SO18140.html</ref> which makes them still useful for that purpose. | ||
| − | *They can be used in other venues such as a digital assertion of the existence of some credential, like the ability to prescribe drugs, or sign a document on behalf of some real-world entity. | + | *They can be used in other venues such as a digital assertion of the existence of some credential, like the ability to prescribe drugs, or sign a digital document on behalf of some real-world entity. |
*On the web a new standard has evolved, the [[Json Web Token]]. | *On the web a new standard has evolved, the [[Json Web Token]]. | ||
==References== | ==References== | ||
Revision as of 09:33, 28 July 2018
Full Name or Meme
A structure defined by the CCITT (now ITU-T) that binds a Subject name to a public key and a set of Attributes.
Context
- Up until the 1970's the Postal and Telecommunications Agencies of the world governments just knew that they were responsible for assigning names and numbers to everything on the planet.
- At that time only a few of the world governments, like the US, had placed the responsibilities for such naming and numbering in private hands.
- Still in the US AT&T acted with the impunity of a government agency, until they were challenged in court by companies like MCI.
- With all of the arrogance of a government body, the ITU's Committee on Communications and International Telephone and Telegraph (CCITT), decided to specifiy the structure of email and the corresponding security.
Problems
- The result was an exceeding ugly encoding of everything they touched, most of which has faded into history, except the X.509 certificate structure.
- The security at the time was based on the paradigm at the time - the credit card industry and the card revocation lists, which were updated every few weeks and needed to be checked by every merchant for every transaction.
Solutions
- At least now the certificates can be checked online and no longer require certificate revocation lists, although the specification still exists.
- The content of a Web Site certificate is reasonably well defined[1] which makes them still useful for that purpose.
- They can be used in other venues such as a digital assertion of the existence of some credential, like the ability to prescribe drugs, or sign a digital document on behalf of some real-world entity.
- On the web a new standard has evolved, the Json Web Token.
References
- ↑ DigiCert. What extensions and details are included in a SSL certificate? https://knowledge.digicert.com/solution/SO18140.html
