Summary

Recommendation ITU-T X.510 | ISO/IEC 9594-11 provides tools and specifications for designing protocol specifications that have built-in cybersecurity. It provides tools for cryptographic algorithm plug-in features and for cryptographic algorithm migration; it provides formal specifications for cryptographic algorithms not provided by other specifications; and it defines some specific protocols. Finally, it provides an annex giving guidance on cryptographic algorithm migration.

Recommendation ITU-T X.510 | ISO/IEC 9594-11 includes tools for specifying secure protocols using a cryptographic algorithm plug-in principle. This principle allows communication protocols to be specified without "hard coding" the types of algorithms, while allowing different areas to supplement Recommendation ITU-T X.510 | ISO/IEC 9594-11 with the types of cryptographic algorithms that are relevant for those specific areas.

The cryptographic algorithm plug-in feature depends on algorithms being specified as described in Recommendation ITU-T X.509 | ISO/IEC 9594-8. Recommendation ITU-T X.510 | ISO/IEC 9594-11 adds formal algorithm specifications where they otherwise do not exist, and it restructures existing formal specifications where they do not follow the rules established in Recommendation ITU-T X.509 | ISO/IEC 9594-8.

Tools are provided for including cryptographic algorithm migration capabilities in communications protocols, and an annex provides guidance on the use of these tools.

Recommendation ITU-T X.510 | ISO/IEC 9594-11 specifies a general protocol, called the wrapper protocol, that provides cybersecurity for protocols designed for its protection. The wrapper protocol provides authentication, integrity and optionally confidentiality (encryption). The wrapper protocol allows cybersecurity to be provided independently of the protected protocols, which means that security may be enhanced without affecting protected protocol specifications. The wrapper protocol makes use of all the cryptographic algorithm plug-in and migration capabilities. Recommendation ITU-T X.510 | ISO/IEC 9594-11 also specifies three protocols that make use of the wrapper protocol protection: a protocol for maintenance of authorization and validation lists (AVLs), a protocol for subscribing to public-key certificate status and a protocol for accessing a trust broker.