3.4. Supported PKIX Formats and Protocols

The Certificate System supports many of the protocols and formats defined in Public-Key Infrastructure (X.509) by the IETF. Along with the PKIX standards listed here, other PKIX-listed standards are available at http://www.ietf.org/html.charters/pkix-charter.html under the Internet Drafts section.

Table 3.2. PKIX Standards Supported in Certificate System 8.1

Format or Protocol RFC or Draft Description
X.509 version 1 and version 3 Digital certificate formats recommended by the International Telecommunications Union (ITU).
Certificate Request Message Format (CRMF) RFC 4211 A message format to send a certificate request to a CA.
Certificate Management Message Formats (CMMF) Message formats to send certificate requests and revocation requests from end entities to a CA and to return information to end entities. CMMF has been subsumed by another standard, CMC.
Certificate Management Messages over CS (CMC) RFC 5274 A general interface to public-key certification products based on CS and PKCS #10, including a certificate enrollment protocol for RSA-signed certificates with Diffie-Hellman public-keys. CMC incorporates CRMF and CMMF.
Cryptographic Message Syntax (CMS) RFC 2630 A superset of PKCS #7 syntax used for digital signatures and encryption.
PKIX Certificate and CRL Profile RFC 5280 A standard developed by the IETF for a public-key infrastructure for the Internet. It specifies profiles for certificates and CRLs. For more information about certificate and CRL profiles, see http://www.ietf.org/rfc/rfc5280.txt.