Internet X.509 Public Key Infrastructure: Qualified Certificates Profile (RFC3739)

IP.com Disclosure Number: IPCOM000022489D
Original Publication Date: 2004-Mar-01
Included in the Prior Art Database: 2004-Mar-18
Document File: 35 page(s) / 68K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

S. Santesson: AUTHOR [+3]

Abstract

This document forms a certificate profile, based on RFC 3280, for identity certificates issued to natural persons.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 7% of the total text.

Network Working Group
Request for Comments: 3739
Obsoletes: 3039
Category: Standards Track

S. Santesson (Microsoft)
M. Nystrom (RSA Security)
T. Polk (NIST)

March 2004

Internet X.509 Public Key Infrastructure: Qualified Certificates Profile

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2004). All Rights Reserved.

Abstract

This document forms a certificate profile, based on RFC 3280, for identity certificates issued to natural persons.

The profile defines specific conventions for certificates that are qualified within a defined legal framework, named Qualified Certificates. However, the profile does not define any legal requirements for such Qualified Certificates.

The goal of this document is to define a certificate profile that supports the issuance of Qualified Certificates independent of local legal requirements. The profile is however not limited to Qualified Certificates and further profiling may facilitate specific local needs.

Table of Contents

1. Introduction
   1.1. Changes since RFC 3039
   1.2. Definitions
2. Requirements and Assumptions
   2.1. Properties
   2.2. Statement of Purpose
   2.3. Policy Issues
   2.4. Uniqueness of Names
3. Certificate and Certificate Extensions Profile
   3.1. Basic Certificate Fields
        3.1.1. Issuer
        3.1.2. Subject
   3.2. Certificate Extensions
        3.2.1. Subject Alternative Name
        3.2.2. Subject Directory Attributes
        3.2.3. Certificate Policies
        3.2.4. Key Usage
        3.2.5. Biometric Information
        3.2.6. Qualified Certificate Statements
4. Security Considerations
A. ASN.1 Definitions
   A.1. 1988 ASN.1 Module (Normative)
   A.2. 1997 ASN.1 Module (Informative)
B. A Note on Attributes
C. Example Certificate ....