Standards Summary

78 Netscape Certificate Management System Installation and Setup Guide • October 2001

• Certificate Management Messages over CMS (CMC). A general interface to public-key certification products based on CMS and PKCS #10, including a certificate enrollment protocol for DSA-signed certificates with Diffie-Hellman public keys. A proposed standard from the IETF PKIX working group. CMC incorporates CRMF and CMMF. Future versions of Certificate Management System will support this standard as it is finalized.
• Cryptographic Message Syntax (CMS). A superset of PKCS #7 syntax used for digital signatures and encryption. A proposed standard from the IETF PKIX working group.
• PKIX Certificate and CRL Profile (PKIX Part 1). The first part of the four-part standard under development by the IETF for a public-key infrastructure for the Internet. Part 1 deals with specifications for certificates and CRLs. Certificate Management System will support the other PKIX parts as they are finalized. For more information about PKIX Part 1, see ftp://ftp.isi.edu/in-notes/rfc2459.txt.

Security and Directory Protocols

Certificate Management System supports the following security and directory protocols:

• FIPS PUBS 140-1. Federal Information Standards Publications (FIPS PUBS) 140-1 is a US government standard for implementations of cryptographic modules—that is, hardware or software that encrypts and decrypts data or performs other cryptographic operations (such as creating or verifying digital signatures).
• Hypertext Transport Protocol (HTTP) and Hypertext Transport Protocol Secure (HTTPS). Protocols used to communicate with web servers.
• KEYGEN tag. An HTML tag supported by Netscape browsers that generates a key pair for use with a certificate. For more information, see http://www.netscape.com/eng/security/comm4-keygen.html.
• Lightweight Directory Access Protocol (LDAP) v2, v3. A directory service protocol designed to run over TCP/IP and across multiple platforms. LDAP is a simplified version of Directory Access Protocol (DAP), used to access X.500 directories. LDAP is under IETF change control and has evolved to meet Internet requirements.