From: Toni Heinonen (Toni.Heinonenteleware.fi)
Date: Wed Jan 23 2002 - 12:21:21 CST
> ITU-T X.509 is a certificate standard and it is not a certificate
> repository standard. So, I didn't understand
> how PGP is able to use X.509? It may be correct that PGP uses LDAP
> repositories for storage/retrieval
> but X.509 integration is an unknown for me.
Most protocols, such as TLS (used for secure web connections), transmit the X.509 certificate in-band. At the beginning of the connection there is a small negotiation where, among other things, the server presents its X.509 certificate. I believe IPSec's key management component IKE does the same. X.509 certificates are, however, also most commonly stored in LDAP directories. For instance, everyone who has an electronic ID card in Finland has their certificate not only on the card, but also in the LDAP directory ldap://ldap.fineid.fi/ with a web interface at http://www.fineid.fi/certsearch.asp. Protocols such as Wireless TLS for WAP make it so that the client only instructs the server to fetch the certificate from the LDAP directory, giving it an LDAP URL. As for e-mail encryption à la S/MIME, I believe the latter is used, i.e. an LDAP URL where the certificate can be found, which is attached to all messages.
-- Toni Heinonen, CISSP Teleware Oy +358 (40) 836 1815
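
The message above describes a server fetching a certificate from an LDAP URL that the peer hands it. The following is an added example, not part of the original post, of how the receiving side can split such a URL (RFC 4516 layout) and refuse anything that is not a certificate lookup on a trusted directory. The allowlist, the attribute policy, and the DN and filter in the sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Assumed policy for this example: only certificate attributes may be requested.
CERT_ATTRS = {"usercertificate", "usercertificate;binary",
              "cacertificate", "cacertificate;binary"}
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample: host taken from the post, DN and filter are made up.
SAMPLE_URL = ("ldap://ldap.fineid.fi/o=example,c=FI"
              "?userCertificate;binary?sub?(cn=EXAMPLE%20USER)")


def parse_cert_ldap_url(url, allowed_hosts):
    """Parse ldap://host[:port]/dn?attributes?scope?filter and enforce that it
    is a certificate lookup against an allowlisted directory host."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("not an LDAP URL")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not accepted")
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        raise ValueError("directory host not allowlisted: %r" % host)

    # Everything after the first '?' is attributes?scope?filter[?extensions].
    fields = parts.query.split("?") if parts.query else []
    fields += [""] * (4 - len(fields))
    attrs = [unquote(a) for a in fields[0].split(",") if a]
    attrs = attrs or ["userCertificate;binary"]
    if any(a.lower() not in CERT_ATTRS for a in attrs):
        raise ValueError("URL requests non-certificate attributes")
    scope = unquote(fields[1]).lower() or "base"  # RFC 4516 default scope
    if scope not in ("base", "one", "sub"):
        raise ValueError("invalid search scope")

    return {
        "host": host,
        "port": parts.port or DEFAULT_PORTS[scheme],
        "dn": unquote(parts.path[1:]),
        "attrs": attrs,
        "scope": scope,
        "filter": unquote(fields[2]) or "(objectClass=*)",  # RFC 4516 default
    }


if __name__ == "__main__":
    print(parse_cert_ldap_url(SAMPLE_URL, {"ldap.fineid.fi"}))
```

The returned fields map directly onto an LDAP search request; the certificate that comes back still has to be validated against a trust anchor, since the directory only stores it.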