
570    Chapter 10 • Public Key Infrastructure

Internet Protocol (IP) domain names (e.g., host.subdomain.domain) the X.500 version of CN=host/C=US/O=Org appears excessively complicated.

An old joke goes something like this: If two people with Internet-style e-mail addresses want to exchange e-mails, they simply send messages to each other from the information on the other person’s business card. If two people wish to exchange e-mails, and one has an X.500 style address, he will send a message to the person with the Internet-style e-mail address, and won’t expect to receive anything until he has done so. If both people have X.500 e-mail addresses, they resort to using a fax machine.

Each X.500 local directory is considered a directory system agent (DSA). The DSA can represent either single or multiple organizations. Each DSA connects to the others through a directory information tree (DIT), which is a hierarchical naming scheme that provides the naming context for objects within a directory.

X.509 is the standard used to define what makes up a digital certificate. Section 11.2 of X.509 describes a certificate as allowing an association between a user’s distinguished name (DN) and the user’s public key. The DN is specified by a naming authority (NA) and used as a unique name by the CA who will create the certificate. A common X.509 certificate includes the following information (see Figures 10.8 and 10.9):

■ Serial Number  A unique identifier.
■ Subject  The name of the person or company that is being identified. (Sometimes listed as “Issued To”)
■ Signature Algorithm  The algorithm used to create the signature.
■ Issuer  The trusted authority that verified the information and generated the certificate. (Sometimes listed as “Issued By”)
■ Valid From  The date the certificate was activated.
■ Valid To  The last day the certificate can be used.
■ Public Key  The public key that corresponds to the private key.
■ Thumbprint Algorithm  The algorithm used to create the unique value of a certificate.
■ Thumbprint  The unique value of every certificate, which positively identifies the certificate. If there is ever a question about the authenticity of a certificate, check this value with the issuer.
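As an added worked example (not from the book or any vendor's code), the following Go program creates a self-signed certificate for the X.500-style name used in the text, CN=host/C=US/O=Org, and then reads each field from the list above back out of the parsed certificate. The serial number, validity dates and the Ed25519 key are constructed sample values; the thumbprint is computed here as SHA-1 over the DER encoding, which is what the Windows certificate viewer displays.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SelfSignedDER builds a self-signed certificate for the X.500-style subject
// CN=host/C=US/O=Org from the text; serial and dates are constructed sample values.
func SelfSignedDER() ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(0x1001), // Serial Number: unique per issuer
		Subject:      pkix.Name{CommonName: "host", Country: []string{"US"}, Organization: []string{"Org"}},
		NotBefore:    time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC), // Valid From
		NotAfter:     time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC), // Valid To
	}
	// The template doubles as the parent, so Issuer equals Subject and the key signs itself.
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
}

// Fields parses DER and returns the items from the list in the text, keyed by their names.
func Fields(der []byte) (map[string]string, error) {
	c, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	sum := sha1.Sum(der) // Thumbprint is not stored in the cert: the viewer hashes the DER bytes
	return map[string]string{
		"Serial Number":        c.SerialNumber.Text(16),
		"Subject":              c.Subject.String(),
		"Signature Algorithm":  c.SignatureAlgorithm.String(),
		"Issuer":               c.Issuer.String(),
		"Valid From":           c.NotBefore.UTC().Format(time.RFC3339),
		"Valid To":             c.NotAfter.UTC().Format(time.RFC3339),
		"Public Key":           c.PublicKeyAlgorithm.String(),
		"Thumbprint Algorithm": "SHA1", // what the Windows viewer shows; SHA-256 is also common
		"Thumbprint":           fmt.Sprintf("%x", sum),
	}, nil
}
```

Because the thumbprint is a hash of the whole encoded certificate rather than a stored field, two copies of the same certificate always agree on it, which is why comparing it with the issuer's copy settles a question of authenticity.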

          www.syngress.com