Abstract
We present a framework for extending the functionality of LDAP servers from their typical use as a public directory in public key infrastructures. In this framework the LDAP servers are used for administrating infrastructure processes. One application of this framework is a method for providing proof-of-possession, especially in the case of encryption keys. Another one is the secure delivery of software personal security environments.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
ITU-T Recommendation X.509. Information Technology-Open Systems Interconnection-The Directory: Public-key and Attribute Certificate Frameworks (March 2000)
Asokan, N., Niemi, V., Laitinen, P.: On the Usefulness of Proof-of-Possession. In: Proceedings of the 2nd Annual PKI Research Workshop, Gaithersburg MD, USA, April 2003, pp. 122–127 (2003)
Chadwick, D.W.: Secure Directories. In: Proceedings of the NATO Advanced Networking Workshop on Advanced Security Technologies in Networking (June 2000)
Dierks, T., Allen, C.: The TLS Protocol Version 1.0. Request for Comments 2246 (January 1999)
Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory IT-22(6), 644–654 (1976)
Hodges, J., Morgan, R.: Lightweight Directory Access Protocol (v3): Technical Specification. Request for Comments 3377 (September 2002)
Hodges, J., Morgan, R., Wahl, M.: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security. Request for Comments 2830 (May 2000)
Housley, R., Polk, W., Ford, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Request for Comments 3280 (April 2002)
Java Naming and Directory Interface, February 8 (2004), http://java.sun.com/products/jndi/
Myers, J.: Simple Authentication and Security Layer (SASL). Request for Comments 2222 (October 1997)
Myers, M., Adams, C., Solo, D., Kemp, D.: Internet X.509 Certificate Request Message Format. Request for Comments 2511 (March 1999)
Myers, M., Liu, X., Schaad, J., Weinstein, J.: Certificate Management Messages over CMS. Request for Comments 2797 (April 2000)
OpenLDAP Project, February 7 (2004), http://www.openldap.org
RSA Laboratories. PKCS#10 v1.7: Certification Request Syntax Standard (May 2000)
RSA Laboratories. PKCS#12 v1.0: Personal Information Exchange Syntax (June 1999)
Smith, M.: Definition of the inetOrgPerson LDAP Object Class. Request for Comments 2798 (April 2000)
Wahl, M., Alvestrand, H., Hodges, J., Morgan, R.: Authentication Methods for LDAP. Request for Comments 2829 (May 2000)
XML Key Management Specification (XKMS), February 8 (2004), http://www.w3.org/TR/2001/NOTE-xkms-20010330/
ITU-T Recommendation X.500. Information Technology - Open Systems Interconnection - The Directory: Overview of Concepts, Models and Service (February 2001)
ITU-T Recommendation X.509. Information Technology-Open Systems Interconnection-The Directory: Public-key and Attribute Certificate Frameworks (March 2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Karatsiolis, V., Lippert, M., Wiesmaier, A. (2004). Using LDAP Directories for Management of PKI Processes. In: Katsikas, S.K., Gritzalis, S., López, J. (eds) Public Key Infrastructure. EuroPKI 2004. Lecture Notes in Computer Science, vol 3093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25980-0_10
Download citation
DOI: https://doi.org/10.1007/978-3-540-25980-0_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22216-3
Online ISBN: 978-3-540-25980-0
eBook Packages: Springer Book Archive