Definitions
x.509
Credential Format
Name: x509
Standardization (Body, Process): ITU-T
Encoding Scheme: ASN.1
Rich Schemas-Semantic: false
Crypto Agility: true
Selective Disclosure: false
Predicates: false
Signing Algorithm
Name: ECDSA
Implementation Support: many mature implementations
Specification: X9.62-2005
Standardization (Body, Process): ANSI
Recognition by government authorities (NIST, BSI, ...): true
Hardware support: true
Unlinkability-Uncorrelatability-Blind signatures possible: false
Security strength: 256 / 384 / 512 bit
Post-quantum security: false
Status Algorithm
Name: CRL - certificate revocation list
Recognition by government authorities (NIST, BSI, ...): true
Category: Deny-List
Observability: true
Key Management (Issuer)
Name: raw public keys (non-JWK)
Infrastructure for Key Resolution: false
Key Rotation: false
Key History: false
Party: holder, issuer
Key Management (Holder)
Name: raw public keys (non-JWK)
Infrastructure for Key Resolution: false
Key Rotation: false
Key History: false
Party: holder, issuer
Issuance Protocol
No data
Presentation Protocol
No data
Trust Management
Name: X.509 certificates
Implementation Support: broadly available
Description: Trust is managed by way of attributes attested in the certificate (e.g. the role of an issuer) in combination with trust chains. The ultimate entity in the chain is typically the trust anchor that recipients need to rely on.