Chapter 6. Internet X.509 Public Key Infrastructure (PKIX)

Table of Contents
Overview of the PKIX approach

In this chapter, we shall provide an informal introduction to the PKIX Internet Standards which are being developed by the PKIX Working Group.


To avoid confusion regarding the PKIX terminology, we include the list of terms as they are found in the PKIX document draft-ietf-pkix-roadmap-05. Their full explanations can be found in the Glossary.

Table 6-1. PKIX Terms

Term                                  Abbreviation
Attribute Authority                   AA
Attribute Certificate                 AC
Certification Authority               CA
Certificate Policy                    CP
Certification Practice Statement      CPS
Public Key Certificate                PKC
Public Key Infrastructure             PKI
Privilege Management Infrastructure   PMI
Registration Authority                RA
Relying Party
Root CA
Subordinate CA
Top CA

The term X.509 comes from the X.500 specification on directory services. The directory services serve as a kind of electronic phonebook, where enabled applications can look up included entities. Each entity has an identifying record, or Certificate, and the format of that Certificate follows recommendation X.509 of the International Telecommunication Union (ITU).

X.500 itself is considered too difficult to catch on; however, the X.509 format for certificates is used by successive standards. For more information on X.500, one can read the online book entitled Understanding X.500 – The Directory by D. W. Chadwick.