<?xml version="1.0" encoding="latin1" ?>
<!DOCTYPE chapter SYSTEM "chapter.dtd">
<year>2003</year><year>2009</year>
<holder>Ericsson AB. All Rights Reserved.</holder>
The contents of this file are subject to the Erlang Public License,
Version 1.1, (the "License"); you may not use this file except in
compliance with the License. You should have received a copy of the
Erlang Public License along with this software. If not, it can be
retrieved online at http://www.erlang.org/.
Software distributed under the License is distributed on an "AS IS"
basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
the License for the specific language governing rights and limitations
<title>PKIX Certificates</title>
<prepared>UAB/F/P Peter Högfeldt</prepared>
<date>2003-06-09</date>
<file>pkix_certs.sgml</file>
<title>Introduction to Certificates</title>
<p><em>Outline:</em></p>
<list type="bulleted">
<item>SSL/TLS protocol - server must have certificate - what
the server sends to the client - client may verify the
server - server may ask client for certificate - what the
client sends to the server - server may then verify the client
- verification - certificate chains - root certificates -
public keys - key agreement - purpose of certificate - main
contents of certificate - contents have increased as time went
by - common file formats for certificates.
<item>private keys - password protection - key generation - file
<item>ssl_pkix and alternate decodings.
<item>Attribute Certificates (not used by SSL).
<item>Certificate requests - certificate authorities - signing of
certificates - certificate revocation lists.
<item>standards: ASN.1, X.509, X.520, PKIX, PKCS, PEM.
<item>incompatibilities between standards (X.509-1997 vs old) - the
ASN.1 problem of ANY, BIT STRING and OCTET STRING - the module
<item>test suites: NIST
<item>Warnings: *creation* of trusted certificate (OpenSSL).
<item>Erlang SSL and certificates
<item>The need for seeding the random generator. See also John
S. Denker: High-Entropy Symbol Generator
(http://www.monmouth.com/~jsd).
<item>links to standards and documents. Books (Rescorla).
<item>ASN.1 crash course.
<item>Nagle algorithm.
<p>For an introduction to ASN.1 see <url href="http://asn1.elibel.tm.fr/">ASN.1 Information Site</url>.