Public Key Infrastructure • Chapter 10 569
Figure 10.7 A Sample Driver’s License
Why is this information important? Because it provides crucial information
about the certificate owner. The signature from a state official, or a trusted authority,
states that the information provided by the certificate owner has been verified and
is legitimate, inasmuch as the trusted authority was able to verify it.
Remembering the difference between the CA and the RA, the CA here is the
government department that oversees the issuance of the driver’s license, whereas
the RA is the individual Registry of Motor Vehicles’ office to which you took your
identifying information when you got your license.
Digital certificates work in almost exactly the same manner, using unique
characteristics to describe the identification of a certificate owner. The information
contained in the certificate is part of the X.509 certificate standard, which is
discussed in the following section.
X.509
Before discussing X.509, it is important to know that it was developed from the
X.500 standard. X.500 is a directory service standard that was ratified by the
International Telecommunications Union (ITU-T) in 1988 and modified in 1993
and 1997. It was intended to provide a means of developing an easy-to-use
electronic directory of people that would be available to all Internet users.
The X.500 directory standard specifies a common root of a hierarchical tree.
Contrary to its name, the root of the tree is depicted at the top level, and all other
containers (which are used to create “branches”) are below it. There are several
types of containers with a specific naming convention. In this naming convention,
each portion of a name is specified by the abbreviation of the object type or
container it represents. A CN= before a username indicates that it is a “common name,” a
C= precedes a “country,” and an O= precedes “organization.” Compared to
www.syngress.com

