X.509v3 Certificates for Secure Shell Authentication
نویسندگان
چکیده
This document is subject to BCP 78 and the IETF Trust’s Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
منابع مشابه
On the Generation of X.509v3 Certificates with Biometric Information
We present the kernel implementation of a Mobile Certification Authority (MCA). Our MCA kernel is able to issue digital certificates fully-complying with the X.509v3 standard; it supports either RSA or ECDSA as a public key cryptosystem engine and; it can incorporate biometric-based user identification information (in the form of fingerprint recognition) to the digital certificate. The MCA appl...
متن کاملSuite B Cryptographic Suites for Secure Shell (SSH)
This document describes the architecture of a Suite B compliant implementation of the Secure Shell Transport Layer Protocol and the Secure Shell Authentication Protocol. Suite B Secure Shell makes use of the elliptic curve Diffie-Hellman (ECDH) key agreement, the elliptic curve digital signature algorithm (ECDSA), the Advanced Encryption Standard running in Galois/Counter Mode (AES-GCM), two me...
متن کاملSecure Authentication in Group Communications Using Media Access Control (MAC) Address
We propose adding users’ Media Access Control (MAC) addresses to standard X.509 certificates to provide more secure authentication. Recent patents demonstrate efforts on a X.509 certificate by adding security features in order to establish secure communications. The MAC address can be added by the issuing Certification Authority (CA) to the “extensions” section of the X.509 certificate. We demo...
متن کاملScalable Policy Driven and General Purpose Public Key Infrastructure (PKI)
This paper describes a flexible and general purpose PKI platform providing an easily interoperable security infrastructure. Developed at AT&T Labs, the architecture is part of the UCAID/Internet2 efforts in PKI and scalable security. The architecture can host multiple certificate authorities (CAs) from different vendors in a uniform and scalable manner. This facilitates scalable operation with ...
متن کاملTrust Revoked - Practical Evaluation of OCSP- and CRL-Checking Implementations
When deploying asymmetric cryptography robust ways to reliably link a public key to a certain identity have to be devised. The current standard for doing so are X.509v3 certificates. They are used in HTTPS and SSH as well as in code-, e-mail-, or PDF-signing. This widespread use necessitates the need for an efficient way of revoking such certificates in case of a compromised private key. Two me...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- RFC
دوره 6187 شماره
صفحات -
تاریخ انتشار 2011