Multiple Public-Key Algorithm X.509 Certificates
draft-truskovsky-lamps-pq-hybrid-x509-01
| Document | Type | Expired Internet-Draft (individual) | |
|---|---|---|---|
| Last updated | 2019-03-02 (latest revision 2018-08-29) | ||
| Stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats |
Expired & archived
pdf
htmlized
bibtex
|
||
| Stream | Stream state | (No stream defined) | |
| Consensus Boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
https://www.ietf.org/archive/id/draft-truskovsky-lamps-pq-hybrid-x509-01.txt
Abstract
This document describes a method of embedding alternative sets of cryptographic materials into X.509v3 digital certificates, X.509v2 Certificate Revocation Lists (CRLs), and PKCS #10 Certificate Signing Requests (CSRs). The embedded alternative cryptographic materials allow a Public Key Infrastructure (PKI) to use multiple cryptographic algorithms in a single object, and allow it to transition to the new cryptographic algorithms while maintaining backwards compatibility with systems using the existing algorithms. Three X.509 extensions and three PKCS #10 attributes are defined, and the signing and verification procedures for the alternative cryptographic material contained in the extensions and attributes are detailed.
Authors
Alexander Truskovsky
(alexander.truskovsky@isara.com)
Daniel Van Geest
(daniel.vangeest@isara.com)
Scott Fluhrer
(sfluhrer@cisco.com)
Panos Kampanakis
(pkampana@cisco.com)
Mike Ounsworth
(mike.ounsworth@entrustdatacard.com)
Serge Mister
(serge.mister@entrustdatacard.com)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)