Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile (RFC3280)

IP.com Disclosure Number: IPCOM000007992D
Original Publication Date: 2002-Apr-01
Included in the Prior Art Database: 2002-May-10

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Housley: AUTHOR [+4]

Abstract

This memo profiles the X.509 v3 certificate and X.509 v2 Certificate Revocation List (CRL) for use in the Internet. An overview of this approach and model are provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail, and required extensions are defined. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 1% of the total text.

Network Working Group                                         R. Housley
Request for Comments: 3280                              RSA Laboratories
Obsoletes: 2459                                                  W. Polk
Category: Standards Track                                           NIST
                                                                 W. Ford
                                                                VeriSign
                                                                 D. Solo
                                                               Citigroup
                                                              April 2002

                Internet X.509 Public Key Infrastructure
       Certificate and Certificate Revocation List (CRL) Profile

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Table of Contents

   1  Introduction
   2  Requirements and Assumptions
   2.1  Communication and Topology
   2.2  Acceptability Criteria
   2.3  User Expectations
   2.4  Administrator Expectations
   3  Overview of Approach

   3.1  X.509 Version 3 Certificate
   3.2  Certification Paths and Trust
   3.3  Revocation
   3.4  Operational Protocols
   3.5  Management Protocols
   4  Certificate and Certificate Extensions Profile
   4.1  Basic Certificate Fields
   4.1.1  Certificate Fields
   4.1.1.1  tbsCertificate
   4.1.1.2  signatureAlgorithm
   4.1.1.3  signatureValue
   4.1.2  TBSCertificate
   4.1.2.1  Version
   4.1.2.2  Serial number
   4.1.2.3  Signature
   4.1.2.4  Issuer
   4.1.2.5  Validity ....