SECTION 1 – GENERAL
1 Scope
2 Normative references
2.1 Identical Recommendations | International Standards
2.2 Paired Recommendations | International Standards equivalent in technical content
2.3 Other references
3 Definitions
3.1 OSI Reference Model security architecture definitions
3.2 Directory model definitions
3.3 Authentication framework definitions
4 Abbreviations
5 Conventions
SECTION 2 – SIMPLE AUTHENTICATION
6 Simple authentication procedure
6.1 Generation of protected identifying information
6.2 Procedure for protected simple authentication
6.3 User Password attribute type
SECTION 3 – STRONG AUTHENTICATION
7 Basis of strong authentication
8 Obtaining a user’s public key
8.1 Optimization of the amount of information obtained from the Directory
8.2 Example
9 Digital signatures
10 Strong authentication procedures
10.1 Overview
10.2 One-way authentication
10.3 Two-way authentication
10.4 Three-way authentication
11 Management of keys and certificates
11.1 Generation of key pairs
11.2 Management of certificates
12 Certificate and CRL extensions
12.1 Introduction
12.2 Key and policy information
12.2.1 Requirements
12.2.2 Certificate and CRL extension fields
12.3 Certificate subject and certificate issuer attributes
12.3.1 Requirements
12.3.2 Certificate and CRL extension fields
12.4 Certification path constraints
12.4.1 Requirements
12.4.2 Certificate extension fields
12.4.3 Certification path processing procedure
12.5 Basic CRL extensions
12.5.1 Requirements
12.5.2 CRL and CRL entry extension fields
12.6 CRL distribution points and delta-CRLs
12.6.1 Requirements
12.6.2 Certificate extension fields
12.6.3 CRL and CRL entry extension fields
12.6.4 Attribute type for delta-CRLs
12.7 Matching rules
12.7.1 Certificate exact match
12.7.2 Certificate match
12.7.3 Certificate pair exact match
12.7.4 Certificate pair match
12.7.5 Certificate list exact match
12.7.6 Certificate list match
12.7.7 Algorithm identifier match
13 Obtaining certified attributes
13.1 Attribute certificates
13.2 Attribute certificate attribute
13.3 Attribute certificate matching rule
13.4 Attribute certificate paths
13.5 Attribute certificate revocation list
Annex A – Authentication framework in ASN.1
Annex B – Security requirements
B.1 Threats
B.2 Security services
B.3 Security mechanisms
B.4 Threats protected against by the security services
B.5 Negotiation of security services and mechanisms
Annex C – An introduction to public key cryptography
Annex D – The RSA public key cryptosystem
D.1 Scope and field of application
D.2 Definitions
D.3 Symbols and abbreviations
D.4 Description
D.5 Security requirements
D.5.1 Key lengths
D.5.2 Key generation
D.6 Public exponent
D.7 Conformance
Annex E – Hash functions
E.1 Requirements for hash functions
Annex F – Threats protected against by the strong authentication method
Annex G – Data confidentiality
G.1 Introduction
G.2 Data confidentiality by asymmetric encipherment
G.3 Data confidentiality by symmetric encipherment
Annex H – Reference definition of algorithm object identifiers
Annex I – Bibliography
Annex J – Examples of use of certification path constraints
J.1 Example 1: Use of basic constraints
J.2 Example 2: Use of name constraints
J.3 Example 3: Use of policy mapping and policy constraints
Annex K – Amendments and corrigenda