
Internet X.509 Public Key Infrastructure Certificate Management Protocols (RFC2510)

IP.com Disclosure Number: IPCOM000003094D
Original Publication Date: 1999-Mar-01
Included in the Prior Art Database: 2000-Sep-13

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

C. Adams: AUTHOR [+2]

Abstract

This document describes the Internet X.509 Public Key Infrastructure (PKI) Certificate Management Protocols. Protocol messages are defined for all relevant aspects of certificate creation and management. Note that "certificate" in this document refers to an X.509v3 Certificate as defined in [COR95, X509-AM].

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 2% of the total text.

Network Working Group                                          C. Adams
Request for Comments: 2510                         Entrust Technologies
Category: Standards Track                                    S. Farrell
                                                                    SSE
                                                             March 1999

Internet X.509 Public Key Infrastructure
Certificate Management Protocols

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

This document describes the Internet X.509 Public Key Infrastructure
(PKI) Certificate Management Protocols. Protocol messages are defined
for all relevant aspects of certificate creation and management.
Note that "certificate" in this document refers to an X.509v3
Certificate as defined in [COR95, X509-AM].

The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
"RECOMMENDED", "MAY", and "OPTIONAL" in this document (in uppercase,
as shown) are to be interpreted as described in [RFC2119].

Introduction

The layout of this document is as follows:

- Section 1 contains an overview of PKI management;
- Section 2 contains discussion of assumptions and restrictions;
- Section 3 contains data structures used for PKI management messages;
- Section 4 defines the functions that are to be carried out in PKI
  management by conforming implementations;
- Section 5 describes a simple protocol for transporting PKI messages;
- the Appendices specify profiles for conforming implementations and
  provide an ASN.1 module containing the syntax for all messages
  defined in this specification.

1 PKI Management Overview

The PKI must be structured to be consistent with the types of
individuals who must administer it. Providing such administrators
with unbounded choices not only complicates the software required but
also increases the chances that a subtle mistake by an administrator
or software developer will result in broader compromise. Similarly,
restricting administrators with cumbersome mechanisms will cause them
not to use the PKI.

Management protocols are REQUIRED to support on-line interactions
between Public Key Infrastructure (PKI) components. For example, a
management protocol might be used between a Certification Authority
(CA) and a client system with which a key pair is associated, or
between two CAs that issue cross-certificates for each other.

1.1 PKI Management Model

Before specifying particular message formats and procedures we first
define the entities involved i...