Multiple Public-Key Algorithm X.509 Certificates
draft-truskovsky-lamps-pq-hybrid-x509-01
| Document | Type | Expired Internet-Draft (individual) | |
|---|---|---|---|
| Authors | Alexander Truskovsky , Daniel Van Geest , Scott Fluhrer , Panos Kampanakis , Mike Ounsworth , Serge Mister | ||
| Last updated | 2019-03-02 (Latest revision 2018-08-29) | ||
| Stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats |
Expired & archived
plain text
xml
htmlized
pdfized
bibtex
|
||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
https://www.ietf.org/archive/id/draft-truskovsky-lamps-pq-hybrid-x509-01.txt
Abstract
This document describes a method of embedding alternative sets of cryptographic materials into X.509v3 digital certificates, X.509v2 Certificate Revocation Lists (CRLs), and PKCS #10 Certificate Signing Requests (CSRs). The embedded alternative cryptographic materials allow a Public Key Infrastructure (PKI) to use multiple cryptographic algorithms in a single object, and allow it to transition to the new cryptographic algorithms while maintaining backwards compatibility with systems using the existing algorithms. Three X.509 extensions and three PKCS #10 attributes are defined, and the signing and verification procedures for the alternative cryptographic material contained in the extensions and attributes are detailed.
Authors
Alexander Truskovsky
Daniel Van Geest
Scott Fluhrer
Panos Kampanakis
Mike Ounsworth
Serge Mister
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)