The ITU.500 series recommendations is intended to facilitate the interconnection of systems to provide directory services. A server or distributed set of servers together hold information that constitutes a directory. This information is used to facilitate communications between applications, people, and communication devices. An example of information provided by a directory is the mapping of user names to network addresses. The X.509 recommendation provides a framework for the provision of authentication service by a directory to its users. The recommendation specifies the form of authentication information held by the directory, describes how authentication information may be obtained from the directory, states the assumptions about how authentication information is formed and placed in the directory, defines ways in which applications may use this authentication information to perform authentication, and describes how other security services may be supported by authentication. An important feature of X.509 is that the directory can hold user certificates, which can be freely communicated within the directory system and obtained by users of the directory. The certificates can contain a user's public key that has been signed by a certificate authority. Many protocols including IP Security, SSL, and TLS described later in the chapter use the X.509 certificate format.
we conclude that each time a user wishes to communicate with another, the user must retrieve not only a certificate for the given user but also a current CRL.
Was this article helpful?