The Internet Encyclopedia (Volume 3)


Performance is not the only reason to centralize certification path validation. Some organizations want to impose a centralized management discipline with consistent policy enforcement. If applications use the same trusted path validation server, consistent results across the organization are ensured.

GLOSSARY
Attribute authority: An entity that is responsible for the issuance of attribute certificates, assigning privileges to the certificate holder.
Attribute certificate: A data structure that is digitally signed by an AA that binds attribute values with identification about its holder.
Certificate policy: A named set of rules that indicates the applicability of a certificate to a particular community or class of application with common security requirements.
Certificate revocation list (CRL): A digitally signed list of certificate serial numbers associated with a set of certificates that are no longer considered valid by the certificate issuer.
Certification authority: An entity that is responsible for the issuance of public key certificates, trusted by one or more certificate users.
Certification practices statement: A description of the practices followed by a certification authority in issuing and managing public key certificates.
Public key certificate: A data structure that contains a user identity, the user's public key, and other information, digitally signed by the CA.
Online certificate status protocol (OCSP) response: A digitally signed response from a trusted server that implements the OCSP that provides status information for a queried certificate.

CROSS REFERENCES
See Digital Signatures and Electronic Signatures; Electronic Payment; Guidelines for a Comprehensive Security System.
