Asia Pacific Network Information Centre
APNIC Open Policy Meeting
SIG: Whois Database
October 2000
APNIC Certificate Authority
Status Report
APNIC CA Project
  Part 1
    APNIC CA project
    Benefits and costs
    Project plans
    Future developments
    References
  Part 2 (if requested)
    Cryptography and PKI Overview
APNIC CA - Why?
  In response to
    Membership concern for greater security
      Confidential info exchange with APNIC
      Is my database transaction secure?
      Whose prefixes do you accept?
    Internet community interest in security, PKI, digital certificates
      e.g. rps-auth
      IETF working group: PKIX
APNIC CA - Overview
  Certificate issued to APNIC member
  Corresponds to Membership of APNIC
  Provides uniform mechanism for all security needs:
    Encryption and signature of email with APNIC
    Authentication of access to APNIC web site
    Secure maintainer mechanism for APNIC database
    Future authorisation mechanism for Internet resources
    Authentication of resource custodianship
APNIC CA - Benefits/Costs
  Benefits
    Uniform industry-standard mechanism for “single password” security, authentication and authorisation
    Strong public key cryptography, end-to-end
  Costs
    Server and client software
    Change to current procedures
    New policies
    Establishment: software purchase and/or development
APNIC CA - Roadmap
  [Timeline chart, 20 Apr 2000 to 30 Jun 2001, with monthly ticks. Items shown:]
    Certificate Management System
    Authenticated Correspondence
    Authorised access to website programs and resources
    PKI AAA within Whois Database
    CA Selection and Deployment
    PKI Workflow Integration
    PKI Whois Integration
    Single sign-on for Membership
APNIC CA - Timeline
  Scoping project: Oct 1999 - Jan 2000
  Phase 1: Apr – Nov 2000
  Phase 2: Jan – Jun 2001
APNIC CA - Scoping Project
  October 1999 - January 2000
  Objectives
    Analyse impact of introducing PKI
    Provide focus for discussions
    Raise awareness of PKI in general
  Conclusions
    Significant benefits for members’ security
    Growing standards support for PKI
    See: http://www.apnic.net/ca
APNIC CA – Phase 1 Timeline
  Requirements Document: April – May
  Programming and Testing: May – Sep
  Initial deployment: Sep - Nov
APNIC CA – Phase 1
  April – November 2000
  Deliverables
    Selection of CA software
    Procedures for issuance and revocation of Identity certificates to members
    Policies for use of APNIC Certificates
    Issue trial certificates at APNIC Meeting October 2000
    Risk Analysis
CA Software
  CA Architecture based on OpenCA
  OpenCA uses OpenSSL for PKI API
  Apache-SSL with OpenSSL
  APNIC developed client certificate layer
  Supported Clients:
    Netscape 4.x Navigator and Messenger
    Microsoft [4|5].x Internet Explorer
    Microsoft 5.x Outlook and Outlook Express
    Any client using OpenSSL 0.9.[5|6] toolkit
Certificate Issuance Workflow
  [Diagram: exchange between the APNIC Member and the APNIC Certificate Authority]
  Offline Identity Confirmation
  Online Certificate Request (APNIC Member)
  RA verifies and signs request
  CA signs request, creating certificate
  RA makes certificate available for download and notifies member
  Member downloads certificate into browser or mail client
CA Architecture
  [Diagram with three columns]
  Network zones: DMZ, Internal Network, Offline
  Trust levels: Low trust, Medium trust, High trust
  Components: Member’s Browser, Registration Authority, Certificate Authority
Certificate Policy Statement (CPS)
  Draft CPS available for download at: http://www.apnic.net/ca
  Member feedback welcome
  Once completed CPS will be handed to Executive Council for final approval
  Future certificates will be issued under this CPS
  NOTE: Certificates issued this week as part of pilot testing are NOT issued under this CPS
APNIC CA – Phase 2
  January – June 2001
  Deliverables
    Browser and deployment issues analysis
    Certificates used for website access control
    Prototype X509 certificates in whois database
    Strong encryption for member correspondence
    Trial issuance of Attribute Certificates with resource allocation
APNIC CA - Future
  Generalised CA function
    APNIC Certificates may be used for general purposes
    Requires tight policy and quality framework for APNIC certificates to be trusted
  Hierarchical certification
    APNIC Members may use their certificates to certify their own members or customers
    May be applicable for ISPs and NIRs
APNIC CA - Future
  Public Key Certificates
    X.509 certificate linking a Public Key to an identity, issued by CA
  Attribute Certificates
    X.509 certificate linking Attributes to an identity, issued by CA or other authority
    Provides authorisation, rather than authentication, information
    Not yet widely deployed or supported
APNIC CA - Consultation
  Mailing list open after Apricot2000
    [email protected]@lists.apnic.net
    http://www.apnic.net/wilma-bin/wilma/pki-wg
  Further developments
    See: http://www.apnic.net/ca
APNIC CA - Documents
  IETF PKIX drafts:
    draft-ietf-pkix-roadmap-04.txt
      “Internet X.509 Public Key Infrastructure PKIX Roadmap”
    draft-clynn-bgp-x509-auth-01.txt
      “X.509 Extensions for Authorization of IP Addresses AS Numbers, and Routers within an AS”
    draft-ietf-pkix-ac509prof-01.txt
      “An Internet Attribute Certificate Profile for Authorization”
  http://www.ietf.org/html.charters/pkix-charter.html
Questions?
APNIC Open Policy Meeting
October 2000
Part 2
PKI Overview
Cryptography - Terms
  Public key cryptography
    Cryptography technique using different keys for encoding and decoding messages
  Keypair
    Private key and public key, generated together, used in public key cryptography
  Encryption/Decryption
    To encode/decode a message using a public or private key
Public Key Cryptography - Encryption
  [Diagram: Keypair; Retrieve Public Key; Message → Encrypt → Encrypted Message → Transmit → Encrypted Message → Decrypt → Message]
Public Key Cryptography - Encryption
  [Diagram: Keypair; Retrieve Public Key; Message → Encrypt → “Signed” Message → Transmit → “Signed” Message → Decrypt → Message]
Public Key Cryptography - Digital Signature
  [Diagram: Keypair; Message → Hash → Digest → Encrypt → Signature; Message and Signature → Assemble → Signed Message]
Public Key Cryptography - Digital Signature
  [Diagram: Retrieve Public Key; Signed Message → Message → Digest; Signed Message → Signature → Decrypt → Digest; the two digests are compared → Valid?]
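Added example (not part of the original slides): the sign and verify flows of the two Digital Signature slides above, in Python. Assumptions: the keypair is a toy built from two Mersenne primes, the RSA operation is unpadded, and SHA-256 stands in for the hash the slides leave unnamed; the whois-style sample text is constructed.

```python
import hashlib

# Toy keypair (assumption, illustration only): two Mersenne primes give an RSA
# modulus without key-generation code. Unpadded RSA is not safe for real use.
P, Q = 2**521 - 1, 2**607 - 1
PUBLIC = (P * Q, 65537)                                   # (modulus, exponent)
PRIVATE = (P * Q, pow(65537, -1, (P - 1) * (Q - 1)))      # kept by the signer
SIG_LEN = (PUBLIC[0].bit_length() + 7) // 8               # signature size in bytes


def digest(message: bytes) -> int:
    """Hash step: message -> digest, as an integer smaller than the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private=PRIVATE) -> bytes:
    """Hash, 'encrypt' the digest with the private key, assemble the result."""
    n, d = private
    signature = pow(digest(message), d, n)
    return message + signature.to_bytes(SIG_LEN, "big")


def verify(signed: bytes, public=PUBLIC) -> bool:
    """Split the signed message, 'decrypt' the signature, compare digests."""
    n, e = public
    if len(signed) < SIG_LEN:
        return False
    message, raw = signed[:-SIG_LEN], signed[-SIG_LEN:]
    signature = int.from_bytes(raw, "big")
    if signature >= n:            # out-of-range value cannot be a signature
        return False
    return pow(signature, e, n) == digest(message)


# Constructed sample input (documentation address range, made-up maintainer).
SAMPLE = b"inetnum: 192.0.2.0 - 192.0.2.255\nmnt-by: MAINT-EXAMPLE\n"
```

Changing any byte of the message or of the signature makes the two digests differ, which is the "Valid?" decision in the diagram.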
PKI - Terminology
  Public Key Infrastructure (PKI)
    Administrative structure for support of public key cryptography
  Public Key Certificate (Digital Certificate)
    Document linking a Public Key to an identity, signed by a CA, defined by X.509
  Certificate Authority (CA)
    Trusted authority which issues digital certificates
Digital Certificates
  A digital certificate contains:
    Identity details
      eg Personal ID, email address, web site URL
    Public key of identity
    Issuer (Certification Authority)
    Validity period
    Attributes
  The certificate is signed by the CA
Digital Certificate - Example
  Certificate ::= SEQUENCE {
      tbsCertificate        TBSCertificate,
      signatureAlgorithm    AlgorithmIdentifier,
      signature             BIT STRING
  }
  TBSCertificate ::= SEQUENCE {
      version               [0] EXPLICIT Version DEFAULT v1,
      serialNumber          CertificateSerialNumber,
      signature             AlgorithmIdentifier,
      issuer                Name,
      validity              Validity,
      subject               Name,
      subjectPublicKeyInfo  SubjectPublicKeyInfo,
      issuerUniqueID        [1] IMPLICIT UniqueIdentifier OPTIONAL,
      subjectUniqueID       [2] IMPLICIT UniqueIdentifier OPTIONAL,
      extensions            [3] EXPLICIT Extensions OPTIONAL
  }
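Added example (not part of the original slides): a small DER reader in Python that maps an encoded certificate onto the field names of the ASN.1 definition above, including the case where version is omitted because of DEFAULT v1. The sample certificate is constructed in the code with placeholder names, key and signature bytes; the sha1WithRSAEncryption OID is used only as a filler algorithm identifier, and all function names are this example's own.

```python
# Added example: sample data is constructed; key and signature bytes are dummies.
REQUIRED = ["serialNumber", "signature", "issuer", "validity", "subject",
            "subjectPublicKeyInfo"]
OPTIONAL = {0x81: "issuerUniqueID", 0x82: "subjectUniqueID", 0xA3: "extensions"}

def tlv(tag, value):
    """Encode one DER TLV (long-form length once the value reaches 128 bytes)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def read_tlv(buf, pos=0):
    """Decode the TLV at buf[pos]; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:              # long form: low 7 bits count the length octets
        nbytes = length & 0x7F
        if nbytes == 0 or pos + nbytes > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed type into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_certificate(der):
    """Map a DER certificate onto the field names of the ASN.1 definition."""
    tag, body, end = read_tlv(der)
    parts = children(body) if tag == 0x30 and end == len(der) else []
    if [t for t, _ in parts] != [0x30, 0x30, 0x03]:
        raise ValueError("not a Certificate SEQUENCE")
    tbs, cert = children(parts[0][1]), {"version": 1}
    if tbs and tbs[0][0] == 0xA0:   # [0] EXPLICIT; absent means DEFAULT v1
        cert["version"] = int.from_bytes(read_tlv(tbs[0][1])[1], "big") + 1
        tbs = tbs[1:]
    if len(tbs) < len(REQUIRED):
        raise ValueError("TBSCertificate is missing required fields")
    cert.update(zip(REQUIRED, (v for _, v in tbs)))
    for t, v in tbs[len(REQUIRED):]:
        if t not in OPTIONAL:
            raise ValueError(f"unexpected tag 0x{t:02x} after subjectPublicKeyInfo")
        cert[OPTIONAL[t]] = v
    cert["serialNumber"] = int.from_bytes(cert["serialNumber"], "big")
    cert["signatureAlgorithm"] = parts[1][1]
    cert["signatureValue"] = parts[2][1][1:]   # outer signature, minus unused-bits octet
    return cert

def sample_certificate(version3=True):
    """Constructed sample: valid DER layout, placeholder key and signature."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010105")) + tlv(0x05, b""))
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x13, cn))))
    validity = tlv(0x30, tlv(0x17, b"001001000000Z") + tlv(0x17, b"011001000000Z"))
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + b"\x01" * 64))
    version = tlv(0xA0, tlv(0x02, b"\x02")) if version3 else b""   # v3 is encoded as 2
    tbs = tlv(0x30, version + tlv(0x02, b"\x10\x01") + alg + name(b"Example Test CA")
              + validity + name(b"Example Member") + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + b"\xaa" * 128))
```

The inner "signature" field of TBSCertificate is the algorithm identifier covered by the CA's signature, while the outer BIT STRING holds the signature bits themselves; the reader stores the latter under the separate key signatureValue so the two are not confused.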
Digital Certificate - Lifecycle
  [Lifecycle diagram. States and events shown:]
    Key Pair Generated
    Certificate Issued
    Certificate valid and in use
    Private Key compromised
    Certificate Expires
    Recertify
    Certificate Revoked
    Keypair Expired