X.509 Certificate

March 5, 2022

What is an X.509 Attribute Certificate?

DEFINITION: The X.509 public-key certificate or the X.509 attribute certificate, as defined by the ISO/ITU-T X.509 standard. Most commonly (including in this document), an X.509 certificate refers to the X.509 public-key certificate.
SOURCE: SP 800-57 Part 1

What is the Impact of X.509 Today? 

X.509 certificates and keys are an area of focus today as cyberattacks rise. Private keys are casually stored on devices that handle SSL/TLS termination, in most cases in plain text without basic encryption. Most enterprises still use manual methods for certificate renewal and SSL certificate generation. This means that people have full access to a key and its passphrase, or may have a plain text version of the key. The keys and certificates are stored on various devices and appliances that are managed independently.

This raises a serious concern that an attack on the device or tool storage can compromise private keys. Anyone who has access to the keys can decrypt traffic that flows to the original site, and can set up phishing sites and steal information and sessions: a security nightmare.
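To audit for the plain-text key storage described above, the following added example (not from the original page) classifies every PEM private-key block in a file's text as encrypted or plaintext from its label and headers. It goes slightly beyond TLS keys by also reading the cipher name in OpenSSH-format keys; the function names and the sample input are constructed for illustration.

```python
import base64
import re
import struct

# A PEM private-key block: BEGIN label, optional headers, base64 body, END label.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.DOTALL)
OPENSSH_MAGIC = b"openssh-key-v1\x00"

def openssh_status(body):
    """OpenSSH keys name their cipher inside the body; 'none' means unencrypted."""
    try:
        raw = base64.b64decode("".join(body.split()))
    except ValueError:
        return "unknown"
    off = len(OPENSSH_MAGIC)
    if not raw.startswith(OPENSSH_MAGIC) or len(raw) < off + 4:
        return "unknown"
    (n,) = struct.unpack_from(">I", raw, off)
    return "plaintext" if raw[off + 4:off + 4 + n] == b"none" else "encrypted"

def classify_private_keys(text):
    """Return (label, status) for every private-key PEM block found in text."""
    findings = []
    for label, body in PEM_RE.findall(text):
        if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 EncryptedPrivateKeyInfo
            status = "encrypted"
        elif label == "OPENSSH PRIVATE KEY":
            status = openssh_status(body)
        elif "Proc-Type: 4,ENCRYPTED" in body:    # legacy OpenSSL PEM encryption
            status = "encrypted"
        else:                                     # unencrypted PKCS#8 / RSA / EC
            status = "plaintext"
        findings.append((label, status))
    return findings

def fake_openssh(cipher):
    """Constructed sample: OpenSSH header only, no key material."""
    blob = base64.b64encode(OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher)
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{blob.decode()}\n-----END OPENSSH PRIVATE KEY-----\n"

SAMPLE = (  # constructed input; bodies are placeholders, not real keys
    "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END ENCRYPTED PRIVATE KEY-----\n"
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\nQ09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n"
    + fake_openssh(b"none") + fake_openssh(b"aes256-ctr")
)

print(*classify_private_keys(SAMPLE), sep="\n")
```

An "encrypted" result only shows that the file is passphrase-protected; it says nothing about where the passphrase is kept or who can read it.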

Supply Chain Relevance

Several threats have targeted supply chains. These threats can compromise the security of supply chains and can affect the quality and/or safety of products. A proposed framework for mitigating supply chain threats is being circulated, in which all organizations in the supply chain self-assess their compliance with regulations/requirements and share the results of the assessment with other organizations. In this report, an information-sharing platform using an ITU-T X.509 attribute certificate (ITU-T X.509-1997, ITU-T X.509-2000, IETF RFC 5755) is proposed. The attribute certificate is issued to prove that a certain requirement is satisfied, and it is shared across the supply chain. An established framework for the issue, deployment and revocation of the certificate can be used. Another benefit of using ITU-T X.509 is that an existing software library can be used to implement the platform.

See Use Case for X.509 For Supply Chains