Internet X.509 Public Key Infrastructure Certificate and CRL Profile (RFC2459)

IP.com Disclosure Number: IPCOM000003037D
Original Publication Date: 1999-Jan-01
Included in the Prior Art Database: 2000-Sep-13

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Housley: AUTHOR [+4]

Abstract

This memo profiles the X.509 v3 certificate and X.509 v2 CRL for use in the Internet. An overview of the approach and model are provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms (e.g., IP addresses). Standard certificate extensions are described and one new Internet-specific extension is defined. A required set of certificate extensions is specified. The X.509 v2 CRL format is described and a required extension set is defined as well. An algorithm for X.509 certificate path validation is described. Supplemental information is provided describing the format of public keys and digital signatures in X.509 certificates for common Internet public key encryption algorithms (i.e., RSA, DSA, and Diffie-Hellman). ASN.1 modules and examples are provided in the appendices.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 1% of the total text.

Network Working Group
Request for Comments: 2459
Category: Standards Track

R. Housley (SPYRUS)
W. Ford (VeriSign)
W. Polk (NIST)
D. Solo (Citicorp)

January 1999

Internet X.509 Public Key Infrastructure Certificate and CRL Profile

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

This memo profiles the X.509 v3 certificate and X.509 v2 CRL for use in the Internet. An overview of the approach and model are provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms (e.g., IP addresses). Standard certificate extensions are described and one new Internet-specific extension is defined. A required set of certificate extensions is specified. The X.509 v2 CRL format is described and a required extension set is defined as well. An algorithm for X.509 certificate path validation is described. Supplemental information is provided describing the format of public keys and digital signatures in X.509 certificates for common Internet public key encryption algorithms (i.e., RSA, DSA, and Diffie-Hellman). ASN.1 modules and examples are provided in the appendices.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

Please send comments on this document to the ietf-pkix@imc.org mail list.

Table of Contents

1 Introduction

2 Requirements and Assumptions

2.1 Communi...