S/MIME Version 3 Certificate Handling (RFC2632)

IP.com Disclosure Number: IPCOM000003220D
Original Publication Date: 1999-Jun-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 10 page(s) / 26K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

B. Ramsdell: AUTHOR [+2]

Abstract

Status of this Memo

This text was extracted from an ASCII Text document.
This is the abbreviated version, containing approximately 11% of the total text.

Network Working Group                                B. Ramsdell, Editor
Request for Comments: 2632                                     Worldtalk
Category: Standards Track                                      June 1999

S/MIME Version 3 Certificate Handling

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

1. Overview

S/MIME (Secure/Multipurpose Internet Mail Extensions), described in
[SMIME-MSG], provides a method to send and receive secure MIME
messages. Before using a public key to provide security services, the
S/MIME agent MUST certify that the public key is valid. S/MIME agents
MUST use PKIX certificates to validate public keys as described in
the Internet X.509 Public Key Infrastructure (PKIX) Certificate and
CRL Profile [KEYM]. S/MIME agents MUST meet the certificate
processing requirements documented in this document in addition to
those stated in [KEYM].

This specification is compatible with the Cryptographic Message
Syntax [CMS] in that it uses the data types defined by CMS. It also
inherits all the varieties of architectures for certificate-based key
management supported by CMS.

1.1 Definitions

For the purposes of this memo, the following definitions apply.

ASN.1: Abstract Syntax Notation One, as defined in ITU-T X.680-689.

Attribute Certificate (AC): An X.509 AC is a separate structure from
a subject's public key X.509 Certificate. A subject may have
multiple X.509 ACs associated with each of its public key X.509
Certificates. Each X.509 AC binds one or more Attributes with one of
the subject's public key X.509 Certificates. The X.509 AC syntax is
defined in [X.509].

BER: Basic Encoding Rules for ASN.1, as defined in ITU-T X.690.

Certificate: A type that binds an entity's distinguished name to a
public key with a digital signature. This type is defined in the
Internet X.509 Public Key Infrastructure (PKIX) Certificate and CRL
Profile [KEYM]. This type also contains the distinguished name of the
certificate issuer (the signer), an issuer-specific serial number,
the issuer's signature algorithm identifier, a validity period, and
extensions also defined in that document.

Certificate Revocation List (CRL): A type that contains information
about certificates whose validity an issuer has prematurely revoked.
The information consists of an issuer name, the time of issue, the
next scheduled time of issue, a list of certificate serial numbers
and their associated revocation times, and extensions as defined in
[KEYM]. The CRL is signed by the issuer. The type intended by t...