List of Figures

• 2.1. Some basic cryptographic concepts
• 2.2. Simple key transfer
• 2.3. Digital Signature
• 2.4. A digital certificate
• 2.5. Secure key transfer
• 2.6. Brief example of the DNS hierarchy
• 2.7. Players of a PKI
• 2.8. Message Handling System Model
• 2.9. The PEM Public Key Infrastructure
• 3.1. A sample message
• 3.2. Selecting security functions from menu
• 3.3. Choosing the secure messaging technology to use
• 3.4. Select certificate source
• 3.5. Select encryption key to use
• 3.6. Query for more recipients
• 3.7. The original message tagged for encryption
• 3.8. Encrypted S/MIME message
• 3.9. Sample LDIF data
• 3.10. Corresponding DNS data
• 4.1. Example X.500 Directory
• 4.2. Update Certificate
• 4.3. DNS envelope
• 4.4. LDAP packet, with some structures expanded
• 4.5. Round Trip between two entities
• 4.6. Setting up a TCP connection
• 4.7. Tearing down a TCP connection
• 4.8. Round trips in a DNS Query over UDP
• 4.9. Round Trips in a DNS Query
• 4.10. Round trips in a LDAP Query
• 4.11. Bytes required to transfer a certificate with a 1024 bit RSA key with DNS and LDAP
• 4.12. Queries per second to look up a certificate
• 5.1. Naive data non-existence implementation
• 5.2. ``NXT'' Data-nonexistence implementation
• 5.3. Minimum information disclosure and data non-existence
• 5.4. Final example of how minimum information disclosure and data non-existence would work using NO records
• B.1. 512 bit RSA certificate
• B.2. 1024 bit RSA certificate
• B.3. 2048 bit RSA certificate
• B.4. 512 bit DSA certificate
• B.5. 1024 bit DSA certificate
• B.6. VeriSign 1024 bit RSA certificate