S/MIME Version 2 Certificate Handling (RFC2312)
Original Publication Date: 1998-Mar-01
Included in the Prior Art Database: 2000-Sep-13
Internet Society Requests For Comment (RFCs)
S. Dusse: AUTHOR [+4]
Status of this Memo
Network Working Group S. Dusse
Request for Comments: 2312 RSA Data Security
Category: Informational P. Hoffman
Internet Mail Consortium
S/MIME Version 2 Certificate Handling
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright (C) The Internet Society (1998). All Rights Reserved.
S/MIME (Secure/Multipurpose Internet Mail Extensions), described in
[SMIME-MSG], provides a method to send and receive secure MIME
messages. In order to validate the keys of a message sent to it, an
S/MIME agent needs to certify that the key is valid. This memo
describes the mechanisms S/MIME uses to create and validate keys
This specification is compatible with PKCS #7 in that it uses the
data types defined by PKCS #7. It also inherits all the varieties of
architectures for certificate-based key management supported by PKCS
#7. Note that the method S/MIME messages make certificate requests
is defined in [SMIME-MSG].
In order to handle S/MIME certificates, an agent has to follow
specifications in this memo, as well as some of the specifications
listed in the following documents:
- "PKCS #1: RSA Encryption", [PKCS-1].
- "PKCS #7: Cryptographic Message Syntax", [PKCS-7]
- "PKCS #10: Certification Request Syntax", [PKCS-10].
Please note: The information in this document is historical material
being published for the public record. It is not an IETF standard.
The use of the word "standard" in this document indicates a standard
for adopters of S/MIME version 2, not an IETF standard.
For the purposes of this memo, the following definitions apply.
ASN.1: Abstract Syntax Notation One, as defined in CCITT X.208.
BER: Basic Encoding Rules for ASN.1, as defined in CCITT X.209.
Certificate: A type that binds an entity's distinguished name to a
public key with a digital signature. This type is defined in CCITT
X.509 [X.509]. This type also contains the distinguished name of the
certificate issuer (the signer), an issuer-specific serial number,
the issuer's signature algorithm identifier, and a validity period.
Certificate Revocation List (CRL): A type that contains information
about certificates whose validity an issuer has prematurely revoked.
The information consists of an issuer name, the time of...