
X.509 Directories

X.500 is an ITU-T recommendation which defines a directory (i.e., a distributed set of servers) that maintains a database of information about users.
 
X.509 defines a framework for authentication services -- usually as a repository of public key certificates. Such a certificate contains the public key of a user signed with the private key of a trusted certificate authority.
 
The standard does not specify a particular cryptographic algorithm, although an informative annex of the standard describes the RSA algorithm.
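The binding described above, as an added example that is not part of the original page: a toy certificate authority in Python signs a subject's name and public key with textbook RSA, and a verifier accepts the certificate only when a trusted CA's public key validates that signature. The Mersenne-prime keys, the unpadded signature, the JSON encoding and all names are assumptions chosen for illustration; real X.509 certificates are ASN.1 DER structures with padded signatures and far larger keys.

```python
import hashlib
import json

E = 65537  # public exponent shared by every toy key in this example

def make_key(p, q):
    """Build a toy RSA key pair from two primes: returns (public n, private (n, d))."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return n, (n, d)

def digest(tbs, n):
    """Hash the to-be-signed fields in a canonical order, reduced into the modulus."""
    data = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(issuer, ca_private, subject, subject_public):
    """The CA binds a subject name to a public key by signing both together."""
    n, d = ca_private
    tbs = {"issuer": issuer, "subject": subject, "public_key": subject_public}
    return {"tbs": tbs, "signature": pow(digest(tbs, n), d, n)}

def verify(cert, trusted):
    """Accept only if the named issuer is a trust anchor and its signature checks out."""
    ca_n = trusted.get(cert["tbs"]["issuer"])
    if ca_n is None:
        return False  # issuer is not in the relying party's trust store
    return pow(cert["signature"], E, ca_n) == digest(cert["tbs"], ca_n)

# Constructed toy keys (Mersenne primes, deliberately far too small for real use).
CA_PUB, CA_PRIV = make_key(2**127 - 1, 2**89 - 1)
ALICE_PUB, _ = make_key(2**107 - 1, 2**61 - 1)
ROGUE_PUB, ROGUE_PRIV = make_key(2**31 - 1, 2**19 - 1)

if __name__ == "__main__":
    trusted = {"Example CA": CA_PUB}  # the verifier holds only the CA's public key
    cert = issue("Example CA", CA_PRIV, "alice", ALICE_PUB)
    print("genuine certificate:", verify(cert, trusted))

    # Swapping the certified key without the CA's private key breaks the signature.
    swapped = {"tbs": dict(cert["tbs"], public_key=ROGUE_PUB),
               "signature": cert["signature"]}
    print("substituted key:", verify(swapped, trusted))

    # A certificate claiming the trusted issuer's name but signed with another key fails.
    impostor = issue("Example CA", ROGUE_PRIV, "alice", ROGUE_PUB)
    print("impostor issuer:", verify(impostor, trusted))
```

The verifier never needs the CA's private key, which is why a relying party can check certificates offline once it holds the CA's public key.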
 
A certificate must, in general, be purchased from a trusted Certificate Authority. For some years, the only authority operating commercially was VeriSign Inc -- in fact, early versions of Netscape would only accept certificates issued by VeriSign. There are now several (but still not very many) companies operating as certificate authorities. Commercial certificates cost in the range of several hundred $US per annum. It's also possible to purchase a private certificate, but take-up rates have been low.
 

