PKI |
This page was partially updated on 02.May.2004, and has been around since 18.May.1999 |
I have included a powepoint presentation regarding Easy SET (1,5M). This could be interesting for those working in Secure Electronics Transactions. |
- DFN - PCA (The PCA for the German Research Network)
- The UNINETT PCA in Norway and its policy.
- IPRA: Internet PCA Registration Authority (MIT)
- CREN (US Corporation for Research and Educational Networking) CA
- VeriSign, Inc. and its Certificate Practice Statement (CPS)
- SET Demo Certificate Selection from VeriSign, Inc.
- Sun Certificate Authorities
- TradeAuthority
- Thawte Certification Division
- Initiative for Computer Authentication Technology (ICAT) (Alternative site)
- Free certificates by Entrust Technologies
- Spyrus Certification Authorities (Australia)
- Net.Registry (IBM)
- BiNARY SuRGEONS: Certification Services
- SoftForum CA
- EuroTrust: EU Research contract for TTP/CA infrastructure
- Government of Canada Public Key Infrastructure
- AD AEQUITATEM (Univ. of Zaragoza, Spain)
- SISCER (Spain)
- Internet Publishing Services (IPS) (note: Spanish language!)
- SIA CA (note: Italian language!)
- CertCo
- IKS Certification Authority
- CompuSource
- CARYNET Security
- KeyPOST (Australia Post)
- BankGate
- Columbia CA
- Entropia Internet CA
- KAIST network CA (note: Korean language!)
- PVT CA (note: Czech language!)
- South African Certification Agency
- Telecom Italia Net CA (note: Italian language!)
- World Wide Wedlin CA
- Swisskey (discontinued)
- Australian Government Public Key Authority
- NLsign (note: Dutch language!)
- SSB - SpA CA (note: Italian language!)
- Agencia de Certificación Electrónica
- Laboratorio de Criptología (note: Spanish language!)
- Interneto Projektai (note: Lithuanian language!)
- University of Torino (note: Italian language!)
- The USERTRUST Network
- GlobalSign
- Netrust
- Baycorp ID Services Ltd
- Certplus
- Controller of Certification Authorities (Gov. of Singapore)
- CrossCert (Korean Electronic Certification Authority)
- Equifax Secure
- Security Domain Pty Limited
- Certificates Australia Pty Limited
- a-sign (note: German language!)
- FP5 Certification Service (Fifth Framework Programme of the European Community)
- WIS@key
- Tele Danmark certificeringscenter (note: Danish language!)
- AlphaTrust
- ACES - Access Certificates for Electronic Services (US General Services Administration)
- WildID LLC
- TI-TC Trustcenter of the Institute for Telematics (note: German language!)
- EuroPKI
- SURFnet PCA (note: Dutch language!)
- Väestörekisterikeskus: The Finnish Population Register Centre's CA (note: mostly Finnish language!)
- FESTE (note: Spanish language!)
- Powszechne Centrum Certyfikacji
- Viacode (note: will cease operation!)
- Acepta.com (Autoridad Certificadora) (note: Spanish language!)
- E-certify Corporation
- ACES: Access Certificates for Electronic Services
- ORC's DoD IECA: Interim External Certification Authority
- freecerts.com: free WAP test certificates
- beTRUSTed
- TC TrustCenter
- The Bridge-CA
- eSign Australia
- Certall Finland Oy
- DoD PKI (DoD PKI External CAs)
- a-trust (note: German language!)
- Health eSignature Authority Pty Ltd
- ID.Safe
- IG tOP: Trägerschaft öffentliche PKI Schweiz (note: German language!)
- QuoVadis Limited: Bermuda Digital CA
- Certipor: Sociedade Portuguesa de Certificados Digitais, S.A.
- Acertia (note: Spanish language!)
- ICP-Brasil (note: Portuguese language!)
- Identrus
- E-Commerce PKI CA
- Certeca (Offshore CA)
- Digital Signature Trust Company
- BCA: US DoD Bridge Certification Authority Technology Demonstration
- DecidirCA
- MEDePass, Inc.
- euSign S.A.
- TrustCenter berlin.de (note: German language!)
- Ezitrust
- Keystorm
- Geotrust
- SignGATE (Korea Information CA, Inc.)
- SignKorea (note: Korean language!)
- YESSIGN (note: Korean language!)
- Korea Certification Authority Central
- NCASign (note: Korean language!)
- The Federal Bridge-CA (NIST)
- Belgacom E-Trust
- SafeWeb (note: Portuguese language!)
- PKI - Infraestructura de Firma Digital para el Sector Publico - Argentina (note: Spanish language!)
- OpenCerts
- SwUPKI: PKI for Universities and University Colleges in Sweden
- SIGEN-CA (Slovenia)
- SIGOV-CA (Slovenia)
- Gatekeeper (Australia)
- WISeCert
- Portas
- Cacert
- SwisSsign
- SSLpartner
- Scandtrust
- InstantSSL (Comodo Group)
- DigiCert, Inc.
- EuropePKI
- DTCA: D.Trust Certifikacna Autorita (note: Slovakian language!)
- Centrum Certyfikacji Signet (note: Polish language!)
- PKI der FhG (note: German language!)
- Sonera CA (note: Finnish language!)
- Certificado Digital S.A. (note: Spanish language!)
- Post.Trust
- steria (note: Swedish language!)
PGP Certification Authorities:
- DFN - PCA (The PCA for the German Research Network)
- IN-CA: Individual Network e.V. (note: German language!)
- c't - Krypto-Kampagne (note: German language!)
- TC TrustCenter (note: German language!)
- IKS Certification Authority
- AD Certification Service (note: German language!)
- GeFökoM CA (note: German language!)
- SURFnet PCA (note: Dutch language!)
- Powszechne Centrum Certyfikacji
CAs accredited by the German Digital Signature Law ("Signaturgesetz")
- The Root CA: Regulierungsbehörde (note: German language!)
- Deutsche Telekom / TeleSec (note: German language!)
- Signtrust / Deutsche Post eBusiness
- Bundesnotarkammer (note: German language!)
- DATEV eG (note: German language!)
- Medizon AG (note: gone out of business!)
- Steuerberaterkammer Nürnberg (see here also - note: German language!)
- Steuerberaterkammer Saarland (see here also - note: German language!)
- Hanseatische Steuerberaterkammer Bremen (see here also - note: German language!)
- Steuerberaterkammer München (see here also - note: German language!)
- Steuerberaterkammer Berlin (see here also - note: German language!)
- Steuerberaterkammer Stuttgart (see here also - note: German language!)
- Rechtsanwaltskammer Koblenz (see here also - note: German language!)
- Rechtsanwaltskammer Bamberg (see here also - note: German language!)
- AuthentiDate
- TC Trustcenter
- D-Trust
- Hanseatische Rechtsanwaltskammer Hamburg (see here also - note: German language!)
- Steuerberaterkammer Niedersachsen (see here also - note: German language!)
- Wirtschaftsprüferkammer (see here also - note: German language!)
- Rechtsanwaltskammer München (see here also - note: German language!)
- Rechtsanwaltskammer Berlin (see here also - note: German language!)
- Steuerberaterkammer Brandenburg (see here also - note: German language!)
- More Information on the German Digital Signature Act (note: German language!)
- T7 - ISIS (Industrial Signature Interoperability Specification, note: obsolete - this is now ISIS-MTT)
- Rahmenwerk für die einheitliche Spezifizierung der Einsatzbedingungen für Signaturanwendungskomponenten (note: German language!)
CAs accredited by the Italian Digital Signature Law
- Elenco pubblico dei certificatori attivi (note: Italian language!)
- Societa Interbancaria per l'Automazione - Cedborsa S.p.A. (SIA S.p.A.) (note: Italian language!)
- SOCIETA' per i SERVIZI BANCARI - SSB S.p.A. (note: Italian language!)
- BNL Multiservizi S.p.A. (note: Italian language!)
- Infocamere SC.p.A. (note: Italian language!)
- Finital - Finanziaria Italiana S.p.A. (note: Italian language!)
- Saritel S.p.A. (note: Italian language!)
- Postecom S.p.A. (note: Italian language!)
- Societa per Azioni Servizi Centralizzati - Seceti S.p.A. (note: Italian language!)
- Centro Tecnico per la RUPA (note: Italian language!)
- In.Te.S.A. S.p.A. (note: Italian language!)
- ENEL.IT S.p.A. (note: Italian language!)
- Trust Italia S.p.A. (note: Italian language!)
- Cedacrinord S.p.A. (note: Italian language!)
- ACTALIS S.p.A. (note: Italian language!)
CAs licensed by the Utah Digital Signature Act
- Digital Signature Trust Company
- Arcanvs, Inc.
- Universal Secured Enryption Repository Company
- VeriSign, Inc.
CAs licensed by Washington State's Electronic Authentication Act
CAs licensed by Oregon's Electronic Signature Act
CAs licensed by the North Carolina Electronic Commerce Act
CAs licensed by California's Digital Signature Regulations
CAs licensed by Nebraska's Digital Signatures Act
PKI Service Providers approved by the Texas Digital Signature Rule
Information and documents related to the European Directive for Electronic Signatures
- The European Commission: Information Society Website
- EESSI: The European Electronic Signature Standardization Initiative
- ETSI: European Telecommunications Standards Institute
- CEN/ISSS E-Sign: European Committee for Standardization (another site)
- European Commission: Information Society Directorate-General
- The Electronic Signatures Regulations 2002 (UK)
- Supervisory Authority for Electronic Signatures (Austria)
- Status of notification of legal acts implementing the electronic signatures directive
- FESA: Forum of European Supervisory Authorities for Electronic Signatures
- Study report: The legal and market aspects of electronic signatures (PDF version, accompanying website, accompanying website)
- VITAS: Voluntary Trust-service Approval Schemes common interest group
- Prestataire de service de certification (Luxembourg)
- Position paper on the e-signatures review by the American chamber of commerce
CAs licensed under the Gvmt of India IT Act 2000
- Controller of CAs
- IDRBT CA
- TCS Certifying Authority (CA) Services
- National Informatics Center CA
- SafeScrypt
CAs licensed under the Polish Digital Signature Law
- Unizeto CERTUM CA
- Sigillum Polskie Centrum Certyfikacji Elektronicznej (note: Polish language!)
- Centrum Certyfikacji Signet (note: Polish language!)
- KIR S.A. (note: Polish language!)
TTPs registered under the Dutch Wet Elektronische Handtekeningen
- Unieke Zorgverlener Identificatie Register (note: Dutch language!)
- PinkRoccade CSP (note: Dutch language!)
- DigiNotar B.V. (note: Dutch language!)
Digital Signatures:
- US State Digital Signature Laws
- Digital Signature Law Survey
- EFGA: Digital Signature Section
- Summary of international legislation
- Tutorial on Digital Signatures
- Digital Signature Links
- Internet Law & Policy Forum (ILPF): Digital Signature Working Group
- Digital Signature Guidelines
- ICC: General Usage for International Digitally Ensured Commerce
- European Commission Legal Advisory Board: Digital Signatures and Encryption
- W3: Digital Signature Initiative
- UNITED NATIONS (UNCITRAL): Draft Uniform Rules On Electronic Signatures
- Baker & McKenzie: E-Signatures and D-Signatures
- S.761: Electronic Signatures in Global and National Commerce Act (US federal)
- Bill 88: Electronic Commerce Act, 2000 (Canada)
- Projekt ArchiSig
- Fst Ricerca (note: Italian language!)
- Leitfaden Elektronische Signatur (note: German language!)
PGP / OpenPGP / GPG:
- The international PGP Home Page
- The domain pgp.net
- PGP Keyserver
- PGP Web of Trust Statistics
- RFC 1991: "PGP Message Exchange Formats"
- RFC 2015: "MIME Security with Pretty Good Privacy (PGP)"
- PGP Corporation
- PGP Attack FAQ
- PGP International
- Robert (Guerra)'s PGP Links
- RFC 2440: "OpenPGP Message Format"
- PGP DH vs. RSA FAQ
- GnuPG - the GNU Privacy Guard
- Key experiments: How PGP Deals With Manipulated Keys
- Experimental PGP key path finder
- PGPdump Interface
- The DSA Flaw in OpenPGP
- PGP Keyring Analysis
- GPGrelay
- Crypt::OpenPGP
- A security analysis of PGP
- CKS: CryptNET Key Server
- RFC 3156: "MIME Security with OpenPGP"
- Public Key Servers
- Tom McCune's page for PGP
- NAI Letter sent to PGP Customers on Feb, 26th (R.I.P. PGP)
- OpenPKSD
- SKS: the synchronizing keyserver
- OpenCDK
- PKS: OpenPGP Key Server
- onak: OpenPGP Key Server
General World Wide Web Security:
- The World Wide Web Security FAQ
- Java Security FAQ
- Terisa Systems
- IBM's Surf'N'Sign: Signing Documents on the Web
- Tha Java Security Hotlist
- WWW Security Pointers
- Java Security Resources
- Java Filter
- Java Security: Chronology of security-related bugs (Sun)
Secure Socket Layer (SSL) / Transport Layer Security (TLS):
- SSL Protocol Version 2.0 (Draft)
- SSL Protocol Version 3.0 (Draft)
- Netscape Certificate Specifications
- SSLeay and SSLapps FAQ
- SSL-Talk FAQ
- SSLeay Certificate Cookbook (F. J. Hirsch)
- SSLeay 0.6.6 documentation including libcrypto docs
- Introducing SSL and Certificates using SSLeay (F. J. Hirsch)
- Setting up your own certification environment using SSLeay 0.8.1 and MSIE 4.0 (Samuel Liddicott)
- Set up your own CA using free software (Marint Ouwehand)
- Mozilla Crypto Group
- OpenSSL PKCS#12 Program FAQ (Stephen Henson)
- Enabling Network Security with SSLeay
- Test the strength of your browser's crypto
- OpenSSL: The Open Source toolkit for SSL/TLS
- Introduction to SSL
- RFC 2246: "The TLS Protocol Version 1.0"
- BSAFE patches for SSLeay
- PureTLS - free Java-only implementation of SSLv3 and TLSv1
- More SSL related applications from the OpenSSL web site
- pilotSSLeay: port of SSLeay-0.8.1 to the Pilot
- ssldump: SSLv3/TLS network protocol analyzer
- OpenSSL for Win32
- A design weakness of SSL/TLS (H. Krawczyk)
- GNU TLS library
- OpenSSL Examples
- OpenSSL based PKI
- SSLbar
- Which SSL: SSL Certificate Buyers Guide (Comodo Group)
MIME Security:
- Information on S/MIME (IMC)
- S/MIME Freeware Library (SFL)
- S/MIME Mail Security (IETF)
- S/MIME and OpenPGP
- S/MIME tool
- NIST S/MIME Activities
- S/MIME Interop Matrix
- PM-S/MIME: S/MIME Plugin for Pegasus Mail
DNSSEC resources:
- DNS Security (DNSSEC) in CAIRN
- NLnet Labs DNSSEC resources
- IETF: DNS Extensions (dnsext) System Security
- NIC-SE: Reports on DNSSEC
- Report from the Workshop on DNSSEC, Sweden
- DNSsec Internet Drafts
- DNSSEC Related Links
- DNSSEC Paper
- DNSSEC - Software Integration
- Report on IIS DNSSEC Workshop
- SIGZ.net: DNSSEC signed test zone
- Thesis on DNSSEC (M. Gebien)
- Applied Research DNSSEC Pilot
- DNSSEC.net
Implementations / (open source) Toolkits / Products / Vendors:
- SECUDE
- NCSA httpd - Using PGP/PEM encryption
- RSA Euro - Cryptography for the World
- SESAME: Cryptographic applications (secure site)
- Information about TIS/MOSS (TIS)
- SSR: Secure Socket Relay
- Frontier Technolgies: e-Lock (alternative site)
- Baltimore Technologies: UniCERT Certification Authority System
- cryptlib: freely available Encryption Toolkit (Peter Gutmann)
- Apache-SSL: Secure Webserver (Ben Laurie)
- SSLeay
- mod_ssl: Apache interface to SSLeay
- Java Security Toolkit (TU Graz)
- Tools from Diversinet Corp.
- Jonah PKIX: a freeware PKIX (see below) reference implementation (IBM)
- Jonah PKIX: same as above but internationally available! (note: site seems to be dead!)
- J/CA Certification Toolkit (Phaos Corp.)
- Entrust Technologies
- Oscar - DSTC's Public Key Infrastructure Project
- Entegrity Solutions Corp
- Structured Arts Computing Corp
- The OpenCA Project
- SHYM Technology
- pyCA - Software for running a certificate authority
- JCSI - DSTC's Java Crypto and Security Implementation
- Nexus
- Radicchio
- Sendmail-TLS
- Alphaworks/IBM: KeyMan PKI client side management tool
- R&L GmbH: safeX
- M2Crypto Cryptography, SSL and S/MIMEv2 for Python
- NSS + PSM Open Source PKI projects on Mozilla
- Safelayer Secure Communications S. A.
- Conclusive Logic, Inc.
- SSH Certificate Toolkit
- Kyberpass Corporation
- PHAOS Technology
- Celo Communications
- KeyTrust Certificate Explorer (note: German language!)
- Capslock
- Valimo Wireless Oy
- Cylink
- Awanim
- CrypTool
- IDX-PKI
- Biodata Systems GmbH
- Certicom Corp.
- ValiCert
- .pkicomplete
- Java Certification Path API
- trustsuite.de (note: German language!)
- timeproof
- e-Security, Inc.
- Hush Communications
- PKI Group Test (The NSS Group)
- db-order (note: German language!)
- upki
- CertPath APIs (as part of J2SE 1.4)
- BERViewer
- Project Ägypten: Free Software SPHINX Clients
- EJBCA: J2EE Certificate Authority
- AET Europe BV (Advanced Encryption Technology)
- Utimaco Safeware
- HYPERTRUST
- FlexiProvider
- ArticSoft
- SECUonline AG
- Baltimore Keytools
- gpkcs11
- ValiCert ASN.1 Parser
- CryptoEx
- Tekki
- pki.ssh.com
- C&A
- nCipher
- KSIGN Co. Ltd. (Korea)
- Dreamsecurity Co. Ltd. (Korea)
- INITECH Co. Ltd. (Korea)
- OnePKI
- GUIdumpASN
- Tellus Technologies
- CPKtec
- BCQRE (note: Korean language!)
- Glück & Kanja Technology AG
- CSP: Certificate Service Provider
- e-CryptIt Engine 7.0
- SimpleCA (another site
- Evidian
- NewPKI
- Chrysalis-ITS
- Fortrus WebPKI
- Guardeonic
- Evincible
- Libgcrypt
- Ascertia Corp.
- Globus Simple CA Package
- Rainbow CryptoSwift
- AEP SureWare Keyper
- CML: Certificate Management Library
- Oasis Digital Signature Services
- Teraview
- DigiStamp
- Signature Perfect KG
- XCA (XCA at soureforge
- Tarmin Solutions Ltd.
- M2Crypto
- IT Solution GmbH Software for qualified signatures according to German and Austrian Signature Law (Note: German language!)
- PCP: Pure Crypto Project (R. Senderek)
- CoreStreet, Ltd.
- Pi3Web Certification Authority
- eTrust PKI (Computer Associates)
- eTrust OSCPro (Computer Associates)
- Valimo Wireless Ltd.
- Netscape Certificate Server
- Raak Technologies
- Safeway
- Diginus Ltd.
- yaSSL
- cv cryptovision gmbh
- PKI SOFTWARE HOUSE: proCertum products
- mozcert: Mozilla/Firefox enhancement
- Clarios Corp.
- Eracom Technologies
- SecureBlackbox (Eldos Corp.)
- XiCrypt Technologies
- roCA: read-only CA
- Zertificon Solutions GmbH
- AgileCO eTRUST
- Direct2GOV
Literature / Articles / Publications / RFCs:
- X.509 specification (including latest drafts on X.509v4)
- A Survey of Public Key Infrastructures (Marc Branchaud)
- PKI-related activities at NIST (also from the DFN-PCA FTP-Server)
- Secure E-mail (Presentation given by Harald T. Alvestrand)
- Several documents focusing on Electronic Cash from the DFN-PCA FTP-Server
- Sirene Publications
- Certified Electronic Mail (CEM)
- W3: Electronic Payment Schemes (Phillip Hallam-Baker)
- Security and Encryption Links (Peter Gutmann)
- Excellent X.509 Style Guide (Peter Gutmann)
- PEM implementations and documents from the DFN-PCA FTP-Server
- Center for Standards (DISA): PKI Standardization Home Page
- Publications on Java Security et al. (SIP)
- Rethinking PKI and digital certificates --- building in privacy (Thesis of Stefan Brands)
- Compliance Defects in Public-Key Cryptography (D. Davis)
- Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure (B. Schneier, C. Ellison)
- ...and a response to 10 Risks of PKI (A. Perez)
- ...and another response to 10 Risks of PKI (B. Laurie)
- The OpenSource PKI book
- The Public-Key Cryptography Standards (PKCS)
- Conventional PKI: An Artefact Ill-Fitted to the Needs of the Information Society (Roger Clark)
- Excerpts from "The Design and Verification of a Cryptographic Security Architecture" (PhD thesis, Peter Gutmann)
- PKI Publications from ETH, Zürich
- Public Key Cryptography based on Braid Groups
- The Ten Minute CEO Briefing on PKI... (note: site seems to be dead!)
- The Shocking Truth About Digital Signatures and Internet Commerce (J. Winn)
- PKI Policy Pitfalls (M. Bobbitt)
- List of CA's
- An introduction to PKI (and more PKI white papers)
- White Papers on PKI
- Digital Certificates (Roedy Green)
- Collection of PKI related RFCs and internet drafts
- Implementation Problems on PKI
- PKI Policy in the Business Environment (J. Sabo, Y. Dzambasow)
- Vergleichbarkeit von PKI-Policies mittels XML (note: German language!)
- Non-Repudiation in the Digital Environment (A. McCullagh, W. Caelli)
- The Liability Regime for Certification Authorities Towards Third Parties Outwith the EC Directive in England and Germany Compared (S. Hindelang)
- Solar Trust Model (M. Clifford)
- Networking in The Solar Trust Model: Determining Optimal Trust Paths in a Decentralized Trust Network (M. Clifford)
- A vulnerability assessment of roaming soft certificate PKI solutions (S. Wilson)
- PKI Certificate Revocation (Master thesis, A. Arnes)
- Misc PKI publications (Stephen Wilson)
RFCs and internet drafts:
- The IETF Security Area and related IETF working groups
- PKIX: Public Key Infrastructure (X.509)
- RFC 2459: "Certificate and CRL Profile"
- RFC 2510: "Certificate Management Protocols"
- RFC 2511: "Certificate Request Message Format"
- RFC 2527: "Certificate Policy and Certification Practices Framework"
- RFC 2528: "Representation of Key Exchange Algorithm (KEA) Keys in Internet X.509 Public Key Infrastructure Certificates"
- RFC 2559: "Operational Protocols - LDAPv2"
- RFC 2560: "Online Certificate Status Protocol - OCSP"
- RFC 2585: "Operational Protocols - FTP and HTTP"
- RFC 2587: "LDAPv2 Schema"
- RFC 2797: "Certificate Management Messages over CMS"
- RFC 2875: "Diffie-Hellman Proof-of-Possession Algorithms"
- RFC 3029: "Data Validation and Certification Server Protocols"
- RFC 3039: "Qualified Certificates Profile"
- RFC 3161: "Time-Stamp Protocol (TSP)"
- RFC 3279: "Algorithms and Identifiers for the PKIX Certificate and Certificate Revocation List (CRL) Profile"
- RFC 3280: "Certificate and CRL Profile"
- RFC 3281: "An Internet Attribute Certificate Profile for Authorization"
- RFC 3379: "Delegated Path Validation and Delegated Path Discovery Protocol Requirements"
- RFC 3628: "Policy Requirements for Time-Stamping Authorities (TSAs)"
- RFC 3647: "Certificate Policy and Certification Practices Framework"
- RFC 3709: "Logotypes in X.509 Certificates"
- RFC 3739: "Qualified Certificates Profile"
- RFC 3770: "Certificate Extensions and Attributes Supporting Authentication in Point-to-Point Protocol (PPP) and Wireless Local Area Networks (WLAN)"
- RFC 3779: "X.509 Extensions for IP Addresses and AS Identifiers"
- RFC 3820: "Proxy Certificate Profile"
- RFC 3874: "A 224-bit One-way Hash Function: SHA-224"
- RFC 4043: "Permanent Identifier"
- RFC 4055: "Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile"
- S/MIME: S/MIME Mail Security
- RFC 2311: "S/MIME Version 2 Message Specification"
- RFC 2312: "S/MIME Version 2 Certificate Handling"
- RFC 2630: "Cryptographic Message Syntax"
- RFC 2631: "Diffie-Hellman Key Agreement Method"
- RFC 2632: "S/MIME Version 3 Certificate Handling"
- RFC 2633: "S/MIME Version 3 Message Specification"
- RFC 2634: "Enhanced Security Services for S/MIME"
- RFC 2785: "Methods for Avoiding the 'Small-Subgroup' Attacks on the Diffie-Hellman Key Agreement Method for S/MIME"
- RFC 2876: "Use of the KEA and SKIPJACK Algorithms in CMS"
- RFC 2984: "Use of the CAST-128 Encryption Algorithm in CMS"
- RFC 3058: "Use of the IDEA Encryption Algorithm in CMS"
- RFC 3125: "Electronic Signature Policies"
- RFC 3126: "Electronic Signature Formats for long term electronic signatures"
- RFC 3183: "Domain Security Services using S/MIME"
- RFC 3185: "Reuse of CMS Content Encryption Keys"
- RFC 3211: "Password-based Encryption for CMS"
- RFC 3217: "Triple-DES and RC2 Key Wrapping "
- RFC 3218: "Preventing the Million Message Attack on Cryptographic Message Syntax"
- RFC 3274: "Compressed Data Content Type for CMS"
- RFC 3278: "Use of Elliptic Curve Cryptography (ECC) Algorithms in CMS"
- RFC 3369: "Cryptographic Message (CMS)Syntax"
- RFC 3370: "Cryptographic Message Syntax (CMS) Algorithms"
- RFC 3394: "Advanced Encryption Standard (AES) Key Wrap Algorithm"
- RFC 3537: "Wrapping a Hashed Message Authentication Code (HMAC) key ..."
- RFC 3560: "Use of the RSAES-OAEP Key Transport Algorithm in CMS"
- RFC 3565: "Use of the Advanced Encryption Standard (AES) Encryption Algorithm in CMS"
- RFC 3657: "Use of the Camellia Encryption Algorithm in Cryptographic Message Syntax (CMS)"
- RFC 3850: "S/MIME Version 3.1 Certificate Handling"
- RFC 3851: "S/MIME Version 3.1 Certificate Message Specification"
- RFC 3852: "Cryptographic Message Syntax (CMS)"
- RFC 3854: "Securing X.400 Content with S/MIME"
- RFC 3855: "Transporting S/MIME Objects in X.400"
- RFC 4010: "Use of the SEED Encryption Algorithm in Cryptographic Message Syntax (CMS)"
- RFC 4056: "Use of the RSASSA-PSS Signature Algorithm in Cryptographic Message Syntax (CMS)"
- RFC 4134: "Examples of S/MIME Messages"
- TLS: Transport Layer Security
- RFC 2246: "The TLS Protocol Version 1.0"
- RFC 2712: "Addition of Kerberos Cipher Suites to TLS"
- RFC 2817: "Upgrading to TLS Within HTTP/1.1"
- RFC 2818: "HTTP Over TLS"
- RFC 2830: "LDAP v3: Extension for Transport Layer Security"
- RFC 3268: "Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)"
- RFC 3546: "Transport Layer Security (TLS) Extensions"
- RFC 3749: "Transport Layer Security Protocol Compression Methods"
- RFC 4132: "Addition of Camellia Cipher Suites to Transport Layer Security (TLS)"
- SPKI: Simple Public Key Infrastructure (Note: WG has concluded)
- OpenPGP: An Open Specification for Pretty Good Privacy
- IETF/W3C XML Signature WG
- IPSEC: IP Security Protocol
- IPSRA: IP Security Remote Access
- The venerable PEM specification:
- RFC 1421 --- ASCII --- PostScript (195 KB)
- RFC 1422 --- ASCII --- PostScript (156 KB)
- RFC 1423 --- ASCII --- PostScript (76 KB)
- RFC 1424 --- ASCII --- PostScript (46 KB)
- RFC 1847: "Security Multiparts for MIME"
- RFC 1848: "MIME Object Security Services (MOSS)"
- RFC 2015: "MIME Security with Pretty Good Privacy (PGP)"
- RFC 2480: "Gateways and MIME Security Multiparts"
- RFC 3156: "MIME Security with OpenPGP"
- RFC 3174: "US Secure Hash Algorithm 1 (SHA1)"
Miscellaneous PKI and Security stuff:
- TERENA's Security Working Group: WG-SEC
- UKERNA Technology Group Secure Email Project Homepage
- About the Digital Notary Service
- MMMSec: Security in Multimedia - Mail
- Internet Law & Policy Forum (ILPF): CA Working Group
- SPKI: Simple Public Key Infrastrucure (Carl Ellison)
- Electronic Commerce Promotion Council (Japan)
- INFOSEC page from DGXIII of the European Commission
- Meta-Certificate Group
- University of Colorado Certification Practices Statement (DRAFT)
- The Global Trust Register (University of Cambridge)
- Certificate Authority Interoperability Pilot (Internet Council)
- Fortify for Netscape!
- European Certification Authority Forum (ECAF)
- "PKI Architecture" - Network Strategy Report by The Burton Group
- PKI Task Group (Open Group)
- Netscape Object Signing Resources
- "CLOUD COVER" (UK Government)
- The "Thin PKI" concept
- The PKI Forum
- ISETO: The International Secure Electronic Transactions Organisation
- ESCA: Electronic Signatures and Certification Authorities (ITU)
- e-STIO: Electronic Signature Testsuite for Inter-Operability
- Baker & McKenzie: Certification Authorities
- ChamberSign initiative by the British Chambers of Commerce
- The PKI Challenge (EEMA)
- HEPKI: Higher Education PKI
- PKI-COORD: PKI Coordination for Europe
- XKMS: XML Key Management Services (XKMS at w3.org)
- TECS: The Encyclopedia of Computer Security
- WebTrust Program for Certification Authorities
- CertificationAuthorities.com
- globalplatform.org
- SiegeSoft.com (Internet Privacy and Security)
- Project MailTrusT (note: German language!)
- Network and Information Security: Proposal for a European Policy
- ABA's PKI Assessment Guidelines (Draft)
- PKI Symposium 2003 (note: German language!)
- Dartmouth PKI Lab
- De Taskforce PKI Overheid (note: Dutch language!)
- Electronic Commerce for Developing Countries (ITU)
- OpenValidation.org (OCSP test responder)
- VPNC: VPN Consortium
- PKC 2002
- tScheme Ltd
- Internet2 PKI Labs
- Healthcare PKI
- vpnlabs.org
- vpnlabs.com
- SSTC: XML-Based Security Services Technical Committee (OASIS)
- xmltrustcenter.org
- pkilaw.com
- SigLab (note: German language!)
- A bridge CA for Europe's public administrations
- Questionnaire on Public Key Infrastructure applications and requirements for the European Academic Networks
- X.509 path validation test suite (NIST)
- PKI Club
- FreeICP Project
- PKICUG (PKI for Closed User Groups)
- Challenge PKI Project
- PKI Interoperability Project (Japan PKI Forum)
- Chinese PKI Forum (note: Chinese language!)
- Asia PKI Forum
- Foro PKI de Mexico (note: Spanish language!)
- Norwegian PKI Forum (note: Norwegian language!)
- SPES project: Setting the Processes for electronic signatures in European cities
- ECRYPT project: European Network of Excellence for Cryptology