Source: Federal Office for Information Security
Date: December 21, 2020

On December 21, 2020 the Federal Office for Information Security (BSI) published Technical Guideline TR-02103 on X.509 certificates and certification path validation for the first time.

X.509 certificates are an important element of encrypted and authenticated communication on the Internet. They are needed to validate the public keys used in public-key procedures and to confirm the identities of communication partners in authentication procedures. Reliable validation of the certificates in use is therefore essential for confidential and authenticated communication. If applications accept invalid certificates, for example because of programming errors, this is just as critical to security as weaknesses in encryption algorithms.

In recent years, many errors have been reported in implementations of certification path validation; they resulted from incorrect interpretations of the standard or from programming errors. To counteract this problem, the BSI carried out a project in which a test tool, the Certification Path Validation Test Tool (CPT), was developed to check implementations of certification path validation. The knowledge gained while developing the CPT has been incorporated into the newly published Technical Guideline TR-02103. In particular, it is intended to give developers of IT security products and operators of certification authorities recommendations on the content of X.509 certificates and on checking them correctly.

In addition to general information on X.509 certificates, the Technical Guideline contains recommendations on the specific content of these certificates in various application contexts, for example the use of X.509 certificates for e-mail signature and encryption with S/MIME. It also contains information on the correct implementation of certification path validation.
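The kind of path-validation defect the guideline addresses can be illustrated with a small added example (not part of the BSI text or of the CPT tool) in Go, using the standard library's verifier: it builds a three-certificate chain and shows that a chain whose intermediate certificate was not issued as a CA must be rejected even though every signature checks out. The names and serial numbers are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue creates a certificate named cn with basicConstraints cA=ca, generates a P-256 key for it
// and has signer (the parent's key) certify it; a nil parent yields a self-signed root.
func issue(cn string, serial int64, ca bool, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn}, // constructed example name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, // emit the basicConstraints extension ...
		IsCA:                  ca,   // ... with cA set to ca
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER was produced by the library one line above
	return cert, key
}

// ValidateChain builds root -> intermediate -> leaf and validates the leaf. With intermediateIsCA=false
// every signature still verifies, but the middle cert lacks cA=TRUE, so a correct validator must reject it.
func ValidateChain(intermediateIsCA bool) error {
	root, rootKey := issue("Example Root CA", 1, true, nil, nil)
	mid, midKey := issue("Example Intermediate", 2, intermediateIsCA, root, rootKey)
	leaf, _ := issue("www.example.test", 3, false, mid, midKey)
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(mid)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters})
	return err
}
```

A validator that only checks signatures and validity periods would accept both chains; the basicConstraints check is what distinguishes a conforming implementation here.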


