Browse Prior Art Database

Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF) (RFC4211)

IP.com Disclosure Number: IPCOM000129127D
Original Publication Date: 2005-Sep-01
Included in the Prior Art Database: 2005-Sep-28
Document File: 41 page(s) / 86K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Schaad: AUTHOR

Abstract

This document describes the Certificate Request Message Format (CRMF) syntax and semantics. This syntax is used to convey a request for a certificate to a Certification Authority (CA), possibly via a Registration Authority (RA), for the purposes of X.509 certificate production. The request will typically include a public key and the associated registration information. This document does not define a certificate request protocol.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group                                          J. Schaad
Request for Comments: 4211                       Soaring Hawk Consulting
Obsoletes: 2511                                           September 2005
Category: Standards Track


               Internet X.509 Public Key Infrastructure
               Certificate Request Message Format (CRMF)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document describes the Certificate Request Message Format (CRMF)
   syntax and semantics.  This syntax is used to convey a request for a
   certificate to a Certification Authority (CA), possibly via a
   Registration Authority (RA), for the purposes of X.509 certificate
   production.  The request will typically include a public key and the
   associated registration information.  This document does not define a
   certificate request protocol.

Schaad                      Standards Track                     [Page 1]
RFC 4211                  Internet X.509 CRMF             September 2005


Table Of Contents

   1. Introduction and Terminology ....................................3
   2. Overview ........................................................3
      2.1. Changes since RFC 2511 .....................................4
   3. CertReqMessage Syntax ...........................................4
   4. Proof-of-Possession (POP) .......................................5
      4.1. Signature Key POP ..........................................7
      4.2. Key Encipherment Keys ......................................9
           4.2.1. Private Key Info Content Type ......................11
           4.2.2. Private Key Structures .............................12
           4.2.3. Challenge-Response Guidelines ......................13
      4.3. Key Agreement Keys ........................................14
      4.4. Use of Password-Based MAC .................................14
   5. CertRequest syntax .............................................16
   6. Controls Syntax ................................................18
      6.1. Registration Token Control ................................18
      6.2. Authenticator Control .....................................19
      6.3. Publication Information Control ...........................19
      6.4...