Standards SummaryChapter 1 Introduction to Certificate Management System 77Authentication and Policy ModulesThe top layer of Figure 1-10 consists of authentication and policy modules. Severaldefault modules ship with Certificate Management System; third parties can createtheir own custom modules using the APIs provided above the middleware andsubsystem layers. Modules for all three subsystems work the same way and areinterchangeable.Standards SummaryThis section summarizes the standard message formats and protocols supportedby Certificate Management System.Certificate Management Formats and ProtocolsCertificate Management System supports the following certificate managementformats and protocols. For more details about the proposed PKIX standards listedhere, see http://www.ietf.org/html.charters/pkix-charter.html (underInternet Drafts).• Simple Certificate Enrollment Protocol (SCEP). A certificate managementprotocol jointly developed by Cisco Systems and VeriSign, Inc. CEP is an earlyimplementation of CMC (described later in this list). CEP specifies how adevice communicates with a CA, including how to retrieve the CA’s publickey, how to enroll a device with the CA, and how to retrieve a CRL. CEP usesPKCS #7 and PKCS #10.• Certificate Request Message Format (CRMF). A message format used toconvey a request for a certificate to a Registration Manager or CertificateManager. A proposed standard from the Internet Engineering Task Force(IETF) PKIX working group.• Certificate Management Message Formats (CMMF). Message formats used toconvey certificate requests and revocation requests from end entities to aRegistration Manager or Certificate Manager and to send a variety ofinformation to end entities. A proposed standard from the IETF PKIX workinggroup. CMMF is subsumed by another proposed standard, CMC (next item).