| • Science | • People | • Locations | • Timeline |
X.509 was initially issued in 1988 and was begun in association with the X.500 standard and assumed a strict hierarchial system of certificate authorities (CAs) for issuing the certificates. This contrasts with web of trust models, like PGP, where anyone (not just special CAs) may sign (and thus attest to the validity) of others' key certificates. Version 3 of X.509 includes the flexibility to support other topologies like bridges and meshes. It can be used in a peer-to-peer, OpenPGP-like web of trust, but is rarely used that way as of 2004. The X.500 system has never been fully implemented, and the IETF's public-key infrastructure working group has adapted the standard to the more flexible organization of the Internet. In fact, the term, X.509 certificate usually refers to the IETF's PKI Certificate and CRLIn the operation of some cryptosystems, usually PKIs, a certificate revocation list (CRL is a list of certificates which have been revoked, are no longer valid, and should not be relied upon by any system user. A certificate is revoked (and be entered on Profile of the X.509 v3 certificate standard, as specified in RFC 3280.
In the X.509 system, a CA issues a certificate binding a public key to a particular Distinguished Name in the X.500 tradition, or to an Alternative Name such as an email address or a DNS-entry.
An organisation's trusted root certificateIn cryptography and computer security, a root certificate is an unsigned public key certificate, or a self-signed certificate, and is part of a PKI scheme. The most common commercial variety is based on the ISO X. 509 standard. Normally an X. 509 certifics can be distributed to all employees so that they can use the company PKI system. Browsers such as Internet ExplorerInternet Explorer abbreviated IE or MSIE is a proprietary but free-of-charge web browser from Microsoft. It is available for most versions of Microsoft Windows, however Microsoft has now stopped releasing updated versions for any platform aside from Windo, Netscape/ MozillaMozilla (a. the Mozilla Suite or the Mozilla Application Suite and codenamed SeaMonkey is a free, cross-platform Internet software suite, whose components include a web browser, an email client, an HTML editor and an IRC client. Its development was initia and OperaOpera is a cross-platform internet software suite consisting of a web browser, e-mail/ news client, address book, newsfeed reader, IRC chat client, and download manager. It is actively developed by Opera Software of Oslo, Norway. Although Opera is closed come with root certificates pre-installed, so SSL certificates from larger vendors who have paid for the privilege of being pre-installed will work instantly; in essence the browser's owners determine which CAs are trusted third parties. Whilst these root certificates can be removed or disabled, users rarely do so.
X.509 also includes standards for certificate revocation listIn the operation of some cryptosystems, usually PKIs, a certificate revocation list (CRL is a list of certificates which have been revoked, are no longer valid, and should not be relied upon by any system user. A certificate is revoked (and be entered on (CRL) implementations, an often neglected aspect of PKI systems. The IETF-approved way of checking a certificate validity is the Online Certificate Status Protocol (OCSP).