OSEC

From: Toni Heinonen (Toni.Heinonenteleware.fi)
Date: Wed Jan 23 2002 - 12:21:21 CST

    > ITU-T X.509 is a certificate standard and it is not a certificate
    > repository standard. So, I didn't understand
    > how PGP is able to use X.509? It may be correct that PGP uses LDAP
    > repositories for storage/retrieval
    > but X.509 integration is an unknown for me.

    Most protocols, such as TLS (used for secure web connections), transmit the X.509 certificate in-band. At the beginning of the connection there is a small negotiation where, among other things, the server presents its X.509 certificate. I believe IPSec's key management component IKE does the same. However, X.509 certificates are also most commonly stored in LDAP directories. For instance, everyone who has an electronic ID card in Finland has their certificate not only on the card, but also in the LDAP directory ldap://ldap.fineid.fi/ with a web interface at http://www.fineid.fi/certsearch.asp. Protocols such as Wireless TLS for WAP make it so that the client only instructs the server to fetch the certificate from the LDAP directory, giving it an LDAP URL. As for e-mail encryption a la S/MIME, I believe the latter is used, i.e. an LDAP URL where the certificate can be found that is attached to all messages.

    -- 
    Toni Heinonen, CISSP
    Teleware Oy
    +358 (40) 836 1815
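
The message above describes a peer handing over an LDAP URL instead of the certificate itself. The following is an added example, not part of the original post: a sketch of how the fetching side could split such a URL (RFC 4516 layout) and refuse anything other than a certificate lookup against a directory it already trusts. The function name, the allowlist contents and the sample DN are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Assumption: illustrative allowlist of directories this relying party trusts.
ALLOWED_DIRECTORIES = {("ldap.fineid.fi", 389)}
CERT_ATTRS = {"usercertificate", "usercertificate;binary", "cacertificate;binary"}
SCOPES = {"base", "one", "sub"}


class CertUrlError(ValueError):
    """Raised when a peer-supplied certificate URL must not be dereferenced."""


def parse_cert_url(url):
    """Split an LDAP URL (RFC 4516) into lookup parameters, or raise CertUrlError."""
    parts = urlsplit(url)
    if parts.scheme != "ldap":
        raise CertUrlError("scheme must be ldap")
    if parts.username is not None or parts.password is not None or parts.fragment:
        raise CertUrlError("userinfo and fragments are not accepted")
    try:
        port = parts.port if parts.port is not None else 389  # default LDAP port
    except ValueError as exc:
        raise CertUrlError("invalid port") from exc
    host = parts.hostname or ""
    if (host, port) not in ALLOWED_DIRECTORIES:
        raise CertUrlError("directory %s:%d is not on the allowlist" % (host, port))
    # After the DN come up to four '?'-separated fields:
    # attributes, scope, filter, extensions.
    fields = parts.query.split("?") if parts.query else []
    if len(fields) > 4:
        raise CertUrlError("too many '?' fields")
    attrs_raw, scope, ldap_filter, ext = fields + [""] * (4 - len(fields))
    if ext:
        raise CertUrlError("extensions are not supported")
    attrs = [unquote(a) for a in attrs_raw.split(",") if a]
    if not attrs or any(a.lower() not in CERT_ATTRS for a in attrs):
        raise CertUrlError("only certificate attributes may be requested")
    scope = scope.lower() or "base"
    if scope not in SCOPES:
        raise CertUrlError("unknown scope")
    return {"host": host, "port": port, "dn": unquote(parts.path.lstrip("/")),
            "attrs": attrs, "scope": scope,
            "filter": unquote(ldap_filter) or "(objectClass=*)"}


# Constructed sample: the DN below is made up; only the host comes from the post.
SAMPLE = ("ldap://ldap.fineid.fi/cn=Example%20Person,o=Example,c=FI"
          "?userCertificate;binary?base?(objectClass=*)")
```

A certificate obtained this way still has to pass the same chain and revocation checks as one received in-band; the URL only says where to look.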