Cryptographic Message Syntax (CMS) Content Constraints Extension (RFC6010)
Disclosure Number: IPCOM000199823D
Original Publication Date: 2010-Sep-01
Included in the Prior Art Database: 2010-Sep-17
Document File: 76 page(s) / 88K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Housley: AUTHOR [+3]


The Cryptographic Message Syntax (CMS) SignedData [RFC5652] construct is used to sign many things, including cryptographic module firmware packages [RFC4108] and certificate management messages [RFC5272]. Similarly, the CMS AuthenticatedData and CMS AuthEnvelopedData constructs provide authentication, which can be affiliated with an originator's static public key. CMS Content Constraints (CCC) information is conveyed via an extension in a certificate or trust anchor object that contains the originator's or signer's public key.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 3% of the total text.

Internet Engineering Task Force (IETF)                        R. Housley
Request for Comments: 6010                           Vigil Security, LLC
Category: Standards Track                                     S. Ashmore
ISSN: 2070-1721                                 National Security Agency
                                                              C. Wallace
                                                      Cygnacom Solutions
                                                          September 2010

     Cryptographic Message Syntax (CMS) Content Constraints Extension


   This document specifies the syntax and semantics for the Cryptographic Message Syntax (CMS) content constraints extension. This extension is used to determine whether a public key is appropriate to use in the processing of a protected content. In particular, the CMS content constraints extension is one part of the authorization decision; it is used when validating a digital signature on a CMS SignedData content or validating a message authentication code (MAC) on a CMS AuthenticatedData content or CMS AuthEnvelopedData content. The signed or authenticated content type is identified by an ASN.1 object identifier, and this extension indicates the content types that the public key is authorized to validate. If the authorization check is successful, the CMS content constraints extension also provides default values for absent attributes.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents ( in effect on the date of publication of this document. Please...