Certificate Management Messages over CMS (RFC2797)

IP.com Disclosure Number: IPCOM000003396D
Original Publication Date: 2000-Apr-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 38 page(s) / 96K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

M. Myers: AUTHOR [+4]

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group                                          M. Myers
Request for Comments: 2797                                     VeriSign
Category: Standards Track                                        X. Liu
                                                                  Cisco
                                                              J. Schaad
                                                              Microsoft
                                                           J. Weinstein
                                                             April 2000

Certificate Management Messages over CMS

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

This document defines a Certificate Management protocol using CMS
(CMC). This protocol addresses two immediate needs within the
Internet PKI community:

1. The need for an interface to public key certification products and
   services based on [CMS] and [PKCS10], and

2. The need in [SMIMEV3] for a certificate enrollment protocol for
   DSA-signed certificates with Diffie-Hellman public keys.

A small number of additional services are defined to supplement the
core certificate request service.

Throughout this specification the term CMS is used to refer to both
[CMS] and [PKCS7]. For both signedData and envelopedData, CMS is a
superset of the PKCS7. In general, the use of PKCS7 in this document
is aligned to the Cryptographic Message Syntax [CMS] that provides a
superset of the PKCS7 syntax. The term CMC refers to this
specification.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119].

1. Protocol Requirements

- The protocol is to be based as much as possible on the existing
  CMS, PKCS#10 and CRMF specifications.

- The protocol must support the current industry practice of a
  PKCS#10 request followed by a PKCS#7 response as a subset of the
  protocol.

- The protocol needs to easily support the multi-key enrollment
  protocols required by S/MIME and other groups.

- The protocol must supply a way of doing all operations in a

<...