Multiple Public-Key Algorithm X.509 Certificates
draft-truskovsky-lamps-pq-hybrid-x509-01
Document | Type | Expired Internet-Draft (individual)
---|---|---
Document | Authors | Alexander Truskovsky, Daniel Van Geest, Scott Fluhrer, Panos Kampanakis, Mike Ounsworth, Serge Mister
Document | Last updated | 2019-03-02 (latest revision 2018-08-29)
Document | Stream | (None)
Document | Intended RFC status | (None)
Document | Formats | Expired & archived: pdf, htmlized (tools), htmlized, bibtex
Stream | Stream state | (No stream defined)
Stream | Consensus Boilerplate | Unknown
Stream | RFC Editor Note | (None)
IESG | IESG state | Expired
IESG | Telechat date |
IESG | Responsible AD | (None)
IESG | Send notices to | (None)
https://www.ietf.org/archive/id/draft-truskovsky-lamps-pq-hybrid-x509-01.txt
Abstract
This document describes a method of embedding alternative sets of cryptographic materials into X.509v3 digital certificates, X.509v2 Certificate Revocation Lists (CRLs), and PKCS #10 Certificate Signing Requests (CSRs). The embedded alternative cryptographic materials allow a Public Key Infrastructure (PKI) to use multiple cryptographic algorithms in a single object, and allow it to transition to the new cryptographic algorithms while maintaining backwards compatibility with systems using the existing algorithms. Three X.509 extensions and three PKCS #10 attributes are defined, and the signing and verification procedures for the alternative cryptographic material contained in the extensions and attributes are detailed.
Authors
Alexander Truskovsky
(alexander.truskovsky@isara.com)
Daniel Van Geest
(daniel.vangeest@isara.com)
Scott Fluhrer
(sfluhrer@cisco.com)
Panos Kampanakis
(pkampana@cisco.com)
Mike Ounsworth
(mike.ounsworth@entrustdatacard.com)
Serge Mister
(serge.mister@entrustdatacard.com)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)