X.509 Certificate

From MgmtWiki
Revision as of 08:24, 28 July 2018 by Tom (talk | contribs) (Solutions)

Jump to: navigation, search

Full Name or Meme

A structure defined by the CCITT (now ITU) that binds a Subject name to a public key and a set of Attributes.

Context

  • Up until the 1970's the Postal and Telecommunications Agencies of the world governments just knew that they were responsible for assigning names and numbers to everything on the planet.
  • At that time only a few of the world governments, like the US, had placed the responsibilities for such naming and numbering in private hands.
  • Still in the US AT&T acted with the impunity of a government agency, until they were challenged in court by companies like MCI.
  • With all of the arrogance of a government body, the ITU's Committee on Communications and International Telephone and Telegraph (CCITT), decided to specifiy the structure of email and the corresponding security.

Problems

  • The result was an exceeding ugly encoding of everything they touched, most of which has faded into history, except the X.509 certificate structure.
  • The security at the time was based on the paradigm at the time - the credit card industry and the card revocation lists, which were updated every few weeks and needed to be checked by every merchant for every transaction.

Solutions

  • At least now the certificates can be check online and no longer required certificate revocation lists, although the specification still exists.
  • The content of a Web Site certification is reasonably well defined[1] which makes them still useful.

References

  1. DigiCert. What extensions and details are included in a SSL certificate? https://knowledge.digicert.com/solution/SO18140.html