Browse Prior Art Database

Storing Certificates in the Domain Name System (DNS) (RFC2538)

IP.com Disclosure Number: IPCOM000003124D
Original Publication Date: 1999-Mar-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 8 page(s) / 18K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Eastlake: AUTHOR [+2]

Abstract

Cryptographic public key are frequently published and their authenticity demonstrated by certificates. A CERT resource record (RR) is defined so that such certificates and related certificate revocation lists can be stored in the Domain Name System (DNS).

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 16% of the total text.

Network Working Group D. Eastlake

Request for Comments: 2538 IBM

Category: Standards Track O. Gudmundsson

TIS Labs

March 1999

Storing Certificates in the Domain Name System (DNS)

Status of this Memo

This document specifies an Internet standards track protocol for the

Internet community, and requests discussion and suggestions for

improvements. Please refer to the current edition of the "Internet

Official Protocol Standards" (STD 1) for the standardization state

and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

Cryptographic public key are frequently published and their

authenticity demonstrated by certificates. A CERT resource record

(RR) is defined so that such certificates and related certificate

revocation lists can be stored in the Domain Name System (DNS).

Table of Contents

Abstract...................................................1

1. Introduction............................................2

2. The CERT Resource Record................................2

2.1 Certificate Type Values................................3

2.2 Text Representation of CERT RRs........................4

2.3 X.509 OIDs.............................................4

3. Appropriate Owner Names for CERT RRs....................5

3.1 X.509 CERT RR Names....................................5

3.2 PGP CERT RR Names......................................6

4. Performance Considerations..............................6

5. IANA Considerations.....................................7

6. Security Considerations.................................7

References.................................................8

Authors' Addresses.........................................9

Full Copyright Notice.....................................10

1. Introduction

Public keys are frequently published in the form of a certificate and

their authenticity is commonly demonstrated by certificates and

related certificate revocation lists (CRLs). A certificate is a

binding, through a cryptographic digital signature, of a public key,

a validity interval and/or conditions, and identity, authorization,

or other information. A certificate revocation list is a list of

certificates that are revoked, and incidental information, all signed

by the signer (issuer) of the revoked certificates. Examples are

X.509 certificates/CRLs in the X.500 directory system or PGP

certificates/revocations used by PGP software.

Section 2 below specifies a CERT resource record (RR) for the storage

of certificates in the Domain Name System.

Section 3 discusses appropriate owner names for CERT RRs.

Sections 4, 5, and 6 below cover p...