S/MIME Version 3 Certificate Handling (RFC2632)
Original Publication Date: 1999-Jun-01
Included in the Prior Art Database: 2000-Sep-13
Internet Society Requests For Comment (RFCs)
B. Ramsdell: AUTHOR [+2]
Status of this Memo
Network Working Group B. Ramsdell, Editor
Request for Comments: 2632 Worldtalk
Category: Standards Track June 1999
S/MIME Version 3 Certificate Handling
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright (C) The Internet Society (1999). All Rights Reserved.
S/MIME (Secure/Multipurpose Internet Mail Extensions), described in
[SMIME-MSG], provides a method to send and receive secure MIME
messages. Before using a public key to provide security services, the
S/MIME agent MUST certify that the public key is valid. S/MIME agents
MUST use PKIX certificates to validate public keys as described in
the Internet X.509 Public Key Infrastructure (PKIX) Certificate and
CRL Profile [KEYM]. S/MIME agents MUST meet the certificate
processing requirements documented in this document in addition to
those stated in [KEYM].
This specification is compatible with the Cryptographic Message
Syntax [CMS] in that it uses the data types defined by CMS. It also
inherits all the varieties of architectures for certificate-based key
management supported by CMS.
For the purposes of this memo, the following definitions apply.
ASN.1: Abstract Syntax Notation One, as defined in ITU-T X.680-689.
Attribute Certificate (AC): An X.509 AC is a separate structure from
a subject's public key X.509 Certificate. A subject may have
multiple X.509 ACs associated with each of its public key X.509
Certificates. Each X.509 AC binds one or more Attributes with one of
the subject's public key X.509 Certificates. The X.509 AC syntax is
defined in [X.509]
BER: Basic Encoding Rules for ASN.1, as defined in ITU-T X.690.
Certificate: A type that binds an entity's distinguished name to a
public key with a digital signature. This type is defined in the
Internet X.509 Public Key Infrastructure (PKIX) Certificate and CRL
Profile [KEYM]. This type also contains the distinguished name of the
certificate issuer (the signer), an issuer-specific serial number,
the issuer's signature algorithm identifier, a validity period, and
extensions also defined in that document.
Certificate Revocation List (CRL): A type that contains information
about certificates whose validity an issuer has prematurely revoked.
The information consists of an issuer name, the time of issue, the
next scheduled time of issue, a list of certificate serial numbers
and their associated revocation times, and extensions as defined in
[KEYM]. The CRL is signed by the issuer. The type intended by t...