Standard: X.509

Sponsor: ITU (International Telecommunications Union)

Description: X.509 is the international standard for digital certificates used to authenticate digital signatures. Trusted third parties - known as Certificate Authorities (CA) - maintain and make the "certificates" accessible (e.g., in an LDAP or X.500 directory), thereby vouching for the authenticity of the signatures.

Relationship to Records Management: To the degree that strong authentication is required to authenticate E-records via digital signatures, the signatures themselves must be validated. Moreover, the original source documents by which the X.509 certificates are authenticated should be maintained as records for an appropriate period.

Problems/Issues/Weaknesses: Many E-records may not warrant strong authentication. Privacy advocates are concerned about any system that automates the identification of individuals and links them to records of their activities. Prospective Certificate Authorities may be dissuaded from offering such services due to the risk of liability for fraud and misuse. Vendors are offering other alternatives, including various biometric measures iris, face, and fingerprint scans as well as electronically captured handwritten signatures.

The Government Paperwork Elimination Act (GPEA) requires that multiple forms of user authentication be supported for forms that are submitted 50,000 or more times. However, it seems that digital signatures supported by X.509 certificates might be the single, common means of user authentication that should be widely supported for all E-forms and other authenticated documents, regardless of any other means that may also be supported for any particular application.

GSA's ACES project aims to foster the establishment of CAs for private citizens, and the PKI Technical Working Group at NIST is working toward a "bridge" mechanism to provide for digital signature services across Federal agencies.  Due to the widespread use of proprietary systems, technical interoperability is a major challenge.

Closely Related Standards: LDAP and X.500

Links to More Information:

Overview of Certification Systems: X.509, CA, PGP and SKIP, by E. Gerck, Copyright © 1997 by E. Gerck and MCG, published in April 17, 1997 by the MCG

A Survey of Public Key Infrastructures, thesis by Marc Branchaud <> August 14, 1997, Chapter 6, X.509

Table of Contents


Table of Contents and Summary of Recommendation X.509 (08/97)

Proposed Methods to use X.509 Attribute Certificates to store biometric templates

X.509 and Supply Chain Management (SCM) or

Public-Key Infrastructure (X.509) (pkix)

Please convey corrections, updates, or suggested enhancements in this summary to:

Back to FIRM Standards Summaries Index