Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Minimum Interoperability Specification for PKI Components (MISPC), Version 1

Published

Author(s)

William E. Burr, Donna F. Dodson, William T. Polk, N Nazario

Abstract

The Minimum Interoperability Specification for PKI Components (MISPC) supports interoperability for a large scale public key infrastructure (PKI) that issues, revokes and manages X.509 version 3 digital signature public key certificates and version 2 certificate revocation lists (CRLs). To the extent possible, this document adopts data formats and transaction sets defined in existing and evolving standards, such as ITU X.509 and the IETF's Internet Public Key Infrastructure Using X.509 Certificates (PKIX) series.In this specification a PKI is broken into five components: certification authorities (CAs) that issue and revoke certificates; organizational registration authorities (ORAs) that vouch for the binding between public keys and certificate holder identities and other attributes; certificate holders that are issued certificates and can sign digital documents; clients that validate digital signatures and their certification paths from a known public key of a trusted CA; and repositories that store and make available certificates and CRLs.The MISPC supports both hierarchical and network trust models. In hierarchical models, trust is delegated by a CA when it certifies a subordinate CA. Trust delegation starts at a root CA that is trusted by every node in the infrastructure. IN network models, trust is established between any two CAs. The MISPC specifies the use of X.509 v3 extensions in certificates to explicitly manage trust relationships.This specification consists primarily of a profile of certificate and CRL extensions and a set of transactions. The transactions include: certification requests, certificate renewal, certificate revocation, and retrieval of certificates and CRLs from repositories.
Citation
Special Publication (NIST SP) - 800-15
Report Number
800-15

Keywords

certificate, certificate revocation list, certification authority (CA), CRL, public key infrastructure (PKI), registration authority, repository, X.509

Citation

Burr, W. , Dodson, D. , Polk, W. and Nazario, N. (1998), Minimum Interoperability Specification for PKI Components (MISPC), Version 1, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=151627 (Accessed June 16, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created January 1, 1998, Updated February 19, 2017