1     Scope 
 2     Normative references       
        2.1     Identical Recommendations | International Standards          
        2.2     Paired Recommendations | International Standards equivalent in technical content    
        2.3     Other references    
 3     Definitions  
        3.1     OSI Reference Model security architecture definitions        
        3.2     Directory model definitions 
        3.3     Authentication framework definitions          
 4     Abbreviations   
 5     Conventions     
 6     Simple authentication procedure   
        6.1     Generation of protected identifying information       
        6.2     Procedure for protected simple authentication         
        6.3     User Password attribute type         
 7     Basis of strong authentication       
 8     Obtaining a user’s public key       
        8.1     Optimization of the amount of information obtained from the Directory        
        8.2     Example 
 9     Digital signatures  
10     Strong authentication procedures 
       10.1     Overview 
       10.2     One-way authentication    
       10.3     Two-way authentication    
       10.4     Three-way authentication  
11     Management of keys and certificates       
       11.1     Generation of key pairs     
       11.2     Management of certificates
12     Certificate and CRL extensions   
       12.1     Introduction          
       12.2     Key and policy information           
                  12.2.1     Requirements      
                  12.2.2     Certificate and CRL extension fields        
       12.3     Certificate subject and certificate issuer attributes   
                  12.3.1     Requirements      
                  12.3.2     Certificate and CRL extension fields        
       12.4     Certification path constraints         
                  12.4.1     Requirements      
                  12.4.2     Certificate extension fields           
                  12.4.3     Certification path processing procedure   
       12.5     Basic CRL extensions       
                  12.5.1     Requirements      
                  12.5.2     CRL and CRL entry extension fields       
       12.6     CRL distribution points and delta-CRLs    
                  12.6.1     Requirements      
                  12.6.2     Certificate extension fields           
                  12.6.3     CRL and CRL entry extension fields       
                  12.6.4     Attribute type for delta-CRLs     
       12.7     Matching rules      
                  12.7.1     Certificate exact match    
                  12.7.2     Certificate match 
                  12.7.3     Certificate pair exact match         
                  12.7.4     Certificate pair match      
                  12.7.5     Certificate list exact match           
                  12.7.6     Certificate list match        
                  12.7.7     Algorithm identifier match
13     Obtaining certified attributes        
       13.1     Attribute certificates          
       13.2     Attribute certificate attribute          
       13.3     Attribute certificate matching rule   
       13.4     Attribute certificate paths  
       13.5      Attribute certificate revocation list 
Annex  A  –  Authentication framework in ASN.1    
Annex  B  –  Security requirements2)    
        B.1     Threats  
        B.2     Security services   
        B.3     Security mechanisms         
        B.4     Threats protected against by the security services   
        B.5     Negotiation of security services and mechanisms    
Annex  C  –  An introduction to public key cryptography3)    
Annex  D  –  The RSA4) public key cryptosystem5)    
        D.1     Scope and field of application        
        D.2     Definitions 
        D.3     Symbols and abbreviations
        D.4     Description           
        D.5     Security requirements        
                  D.5.1     Key lengths          
                  D.5.2     Key generation    
        D.6     Public exponent    
        D.7     Conformance        
Annex  E  –  Hash functions    
        E.1     Requirements for hash functions     
Annex  F  –  Threats protected against by the strong authentication method    
Annex  G  –  Data confidentiality    
        G.1     Introduction          
        G.2     Data confidentiality by asymmetric encipherment    
        G.3     Data confidentiality by symmetric encipherment      
Annex  H  –  Reference definition of algorithm object identifiers    
Annex  I  –  Bibliography    
Annex  J  –  Examples of use of certification path constraints    
        J.1     Example 1:  Use of basic constraints           
        J.2     Example 2:  Use of name constraints           
        J.3     Example 3:  Use of policy mapping and policy constraints    
Annex  K  –  Amendments and corrigenda